Implemented Djblets' rate-limiting feature in ReviewBoard's authentication form.

Review Request #8768 - Created Feb. 20, 2017 and updated

Raman Dhatt
Review Board
master
8698
c44726c...
reviewboard, students

There has been a request to implement a rate-limiting feature in
ReviewBoard's authentication form by tracking the number of failed login
attempts per IP/username in the cache, along with the last login time,
and prevent further logins until some amount of time has passed.

This has been tested manually by attempting to log into Review Board with
an existing username but incorrect password until the maximum number of
attempts has been reached. In addition, the number of login attempts and
the time left before the rate limit is over were also tracked during this process
using print statements in Djblets' ratelimit.py file (more specifically,
the dictionary returned from the get_usage_count() method in ratelimit.py).
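
The scheme the description outlines, as an added example that is not code from this review request or from Djblets: a fixed-window counter of failed logins keyed on IP and username, consulted before credentials are checked. The class and method names, the in-memory dict standing in for the cache, the `password_ok` flag standing in for the real credential check, and the default of 5 failures per 60 seconds are all assumptions.

```python
import time


class FailedLoginLimiter:
    """Fixed-window limiter for failed logins, keyed on (IP, username)."""

    def __init__(self, limit=5, period=60, clock=time.time):
        self.limit = limit      # failures allowed per window (assumed value)
        self.period = period    # window length in seconds (assumed value)
        self.clock = clock      # injectable so the window can be tested
        self._cache = {}        # stand-in for a shared cache backend

    @staticmethod
    def _key(ip, username):
        # Normalise so "Alice " and "alice" share one counter.
        return (ip, username.strip().lower())

    def usage(self, ip, username):
        """Return count, limit and seconds left, without incrementing."""
        now = self.clock()
        entry = self._cache.get(self._key(ip, username))
        if entry is None or now >= entry["reset_at"]:
            return {"count": 0, "limit": self.limit, "time_left": 0}
        return {"count": entry["count"], "limit": self.limit,
                "time_left": entry["reset_at"] - now}

    def record_failure(self, ip, username):
        now = self.clock()
        key = self._key(ip, username)
        entry = self._cache.get(key)
        if entry is None or now >= entry["reset_at"]:
            # First failure, or the old window expired: start a new one.
            entry = {"count": 0, "reset_at": now + self.period}
        entry["count"] += 1
        self._cache[key] = entry

    def attempt(self, ip, username, password_ok):
        """Gate one login attempt: 'blocked', 'failed' or 'ok'."""
        if self.usage(ip, username)["count"] >= self.limit:
            # Refuse before looking at the credentials, so a correct
            # guess made during the lockout is not confirmed.
            return "blocked"
        if password_ok:
            return "ok"
        self.record_failure(ip, username)
        return "failed"
```

Passing a fake `clock` lets the manual procedure above (fail until the limit is hit, then watch the time left count down) run as an automated test.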

Review request changed

Description:

   

There has been a request to implement a rate-limiting feature in

    ReviewBoard's authentication form by tracking the number of failed login
    attempts per IP/username in the cache, along with the last login time,
~   and prevent further logins until some amount of time has passed.
  ~ and prevent further logins until some amount of time has passed.

-   This is dependent on review requests 8698 and 8839 (which is based off of 8698), where the ratelimiting has
-   been implemented in djblets.
