Commit 944d8bd

Check if host is denied before verifying password
1 parent 33c1144 commit 944d8bd

2 files changed

+9
-2
lines changed


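--- a/applications/admin/controllers/default.py
+++ b/applications/admin/controllers/default.py
@@ -121,6 +121,9 @@ def index():
     send = URL('site')
     if session.authorized:
         redirect(send)
+    elif failed_login_count() >= allowed_number_of_attempts:
+        time.sleep(2 ** allowed_number_of_attempts)
+        raise HTTP(403)
     elif request.vars.password:
         if verify_password(request.vars.password[:1024]):
             session.authorized = True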
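Review bot: The new `elif failed_login_count() >= allowed_number_of_attempts` branch sits before the `request.vars.password` branch, so once a client reaches the threshold its password is never verified again; if clearing the deny entry relies on `login_record(success=True)` after a good login (as the `del denied_hosts[request.client]` path in access.py suggests), the lockout can no longer be lifted by logging in, and since `failed_login_count()` does not consult `expiration_failed_logins` either, it does not time out on its own. The `time.sleep(2 ** allowed_number_of_attempts)` also parks a worker for that many seconds on every request from a denied client, which turns the guard itself into a cheap resource-exhaustion target; this matters more if `request.client` can be influenced by the caller (e.g. via a forwarded-for header — worth confirming how web2py derives it). I would drop or cap the sleep and let the helper return 0 once the window has expired, leaving `elif failed_login_count() >= allowed_number_of_attempts: raise HTTP(403)`. `index()` begins and ends outside this hunk, and the hunk does not show that `time` and `HTTP` are in scope in this controller.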

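--- a/applications/admin/models/access.py
+++ b/applications/admin/models/access.py
@@ -104,13 +104,12 @@ def write_hosts_deny(denied_hosts):
     portalocker.unlock(f)
     f.close()
 
-
 def login_record(success=True):
     denied_hosts = read_hosts_deny()
     val = (0, 0)
     if success and request.client in denied_hosts:
         del denied_hosts[request.client]
-    elif not success and not request.is_local:
+    elif not success:
         val = denied_hosts.get(request.client, (0, 0))
         if time.time() - val[1] < expiration_failed_logins \
                 and val[0] >= allowed_number_of_attempts:
@@ -121,6 +120,11 @@ def login_record(success=True):
     write_hosts_deny(denied_hosts)
     return val[0]
 
+def failed_login_count():
+    denied_hosts = read_hosts_deny()
+    val = denied_hosts.get(request.client, (0, 0))
+    return val[0]
+
 
 # ###########################################################
 # ## session expiration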
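Review bot: `failed_login_count()` returns `val[0]` without looking at the timestamp in `val[1]`, whereas `login_record` in the same file only treats an entry as live when `time.time() - val[1] < expiration_failed_logins`; a caller that gates login on this helper will therefore keep reporting a stale count after the window has passed. Both functions should apply the same window so an expired entry reads as zero failures. With `not request.is_local` dropped from `login_record`, failures from the local machine are now recorded too, so a developer mistyping the admin password on localhost is subject to the same lockout — presumably intended, but worth a note in the commit message. The `login_record` body continues past the first hunk.
```python
def failed_login_count():
    """Failed logins recorded for request.client inside expiration_failed_logins."""
    denied_hosts = read_hosts_deny()
    count, last_failure = denied_hosts.get(request.client, (0, 0))
    # Same liveness rule as login_record: an entry older than the window is stale.
    if time.time() - last_failure >= expiration_failed_logins:
        return 0
    return count
```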
