Summary:

Implemented Djblet's rate-limiting feature in ReviewBoard's authentication form.

Review Request #8768 — Created Feb. 20, 2017 and submitted May 25, 2017, 12:40 p.m.

Information
Owner:	rkdhatt
Repository:	Review Board
Branch:	master
Bugs:
Depends On:	~~8698~~
Commit:	c44726c...
Reviewers
Groups:	reviewboard, students
People:

Description

There has been a request to implement a rate-limiting feature in
ReviewBoard's authentication form by tracking the number of failed login
attempts per IP/username in the cache, along with the last login time,
and prevent further logins until some amount of time has passed.

Testing Done

This has been tested manually by attempting to log into reviewboard with
an existing username but incorrect password until the maximum number of
attempts has been reached. In addition, the number of login attempts and
time left before rate limit is over was also tracked during this process
using print statements in djblet's ratelimit.py file (more specifically,
the dictionary returned from the get_usage_count() method in ratelimit.py).

Issues

Description	From	Last Updated
RR dependencies should live in the depends on field, not the description.	brennie	April 6, 2017, 2:43 p.m.
Col: 80 E501 line too long (85 > 79 characters)	reviewbot	Feb. 23, 2017, 3:58 p.m.
Col: 80 E501 line too long (89 > 79 characters)	reviewbot	Feb. 23, 2017, 3:58 p.m.
Col: 9 E303 too many blank lines (2)	reviewbot	Feb. 23, 2017, 3:58 p.m.
Missing a docstring for the function here?	szhang	March 1, 2017, 10:46 a.m.
Multi-line strings should use parenthesis, according to: https://www.notion.so/reviewboard/Python-Coding-Style-Guide-f9a0e51ee0cf40379fcbbae40bbbec04#ec5a472e3610412ea99d0835a1faf2c0	szhang	March 1, 2017, 10:44 a.m.
Correct me if I'm wrong: I don't think we need a blank line here.	szhang	March 1, 2017, 10:51 a.m.
Can these two if statements be merged into one? A question I would have with this is if, for the …	szhang	March 1, 2017, 10:51 a.m.
I don't think the call is long enough to warrant this? I think if request started on the same line …	szhang	March 1, 2017, 10:51 a.m.
A parenthesis instead of a backslash?	szhang	March 1, 2017, 10:51 a.m.
'settings' imported but unused	reviewbot	March 1, 2017, 4:41 p.m.
'DEFAULT_KEY' imported but unused	reviewbot	March 1, 2017, 4:41 p.m.
Col: 17 E128 continuation line under-indented for visual indent	reviewbot	March 1, 2017, 4:41 p.m.
Col: 17 E128 continuation line under-indented for visual indent	reviewbot	March 1, 2017, 4:41 p.m.
'settings' imported but unused	reviewbot	March 1, 2017, 4:42 p.m.
'DEFAULT_KEY' imported but unused	reviewbot	March 1, 2017, 4:42 p.m.
Col: 17 E128 continuation line under-indented for visual indent	reviewbot	March 1, 2017, 4:42 p.m.
Col: 17 E128 continuation line under-indented for visual indent	reviewbot	March 1, 2017, 4:42 p.m.
Col: 25 E128 continuation line under-indented for visual indent	reviewbot	March 1, 2017, 4:45 p.m.
Col: 25 E128 continuation line under-indented for visual indent	reviewbot	March 1, 2017, 4:45 p.m.
This should be marked for translation with ugettext.	brennie	March 12, 2017, 1:13 p.m.
Same comment wrt your djblets change.	brennie	March 13, 2017, 11:17 a.m.
No blank line here, since from the point of view of the Review Board codebase, djblets is a third-party module.	chipx86	March 14, 2017, 5:08 p.m.
"informs the user" "have been exceeded."	chipx86	March 14, 2017, 5:09 p.m.
This doesn't validate the clean field, but rather validates the form. These docs also need a "Returns" section, like: """ …	chipx86	March 14, 2017, 5:10 p.m.
"Djblets's"	chipx86	March 14, 2017, 5:11 p.m.
"if the number" "were already exceeded"	chipx86	March 14, 2017, 5:11 p.m.
Alignment is off. In this case, it's best to wrap like: raise forms.ValidationError( _('...'))	chipx86	March 14, 2017, 5:12 p.m.
Blank line between these.	chipx86	March 14, 2017, 5:12 p.m.
Throwing away all validation errors will mean that things like username or password validation will go away, and we'll allow …	chipx86	March 18, 2017, 5:03 p.m.
"for a given user"	chipx86	March 14, 2017, 5:13 p.m.
We're calling this a second time, which we don't want to do. The parent clean() should only be called once. …	chipx86	March 18, 2017, 5:03 p.m.
Col: 80 E501 line too long (80 > 79 characters)	reviewbot	March 17, 2017, 11:24 a.m.
local variable 'result' is assigned to but never used	reviewbot	March 18, 2017, 5:05 p.m.
Col: 80 E501 line too long (81 > 79 characters)	reviewbot	March 18, 2017, 5:06 p.m.
local variable 'e' is assigned to but never used	reviewbot	March 22, 2017, 11:29 a.m.
Technically, this should be self.cleaned_data = super(...).clean()	brennie	March 30, 2017, 6:26 p.m.
is None	brennie	March 30, 2017, 7:01 p.m.

Tool: Pyflakes
Processed Files:
    reviewboard/accounts/forms/auth.py



Tool: PEP8 Style Checker
Processed Files:
    reviewboard/accounts/forms/auth.py

Commit:

-	a993762e1c5e1c9c1e947c3e30c3be69e9bed56d
+	a8b9d1e3724bdc396807aaac2a387f6d7baa666c

Implemented Djblet's rate-limiting feature in ReviewBoard's authentication form.

Commit:

Diff:

Summary:

Description:

Testing Done:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Description:

Depends On:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Commit:

Diff:

Description:

Testing Done:

Commit:

Diff:

Checks run (3 succeeded)

Diff:

Checks run (3 succeeded)

Diff:

Checks run (2 succeeded, 1 failed with error)

Description:

Description:

Status: Closed (submitted)

Change Summary: