Implemented Djblet's rate-limiting feature in ReviewBoard's authentication form.
Review Request #8768 — Created Feb. 20, 2017 and submitted — Latest diff uploaded
There has been a request to implement a rate-limiting feature in
ReviewBoard's authentication form by tracking the number of failed login
attempts per IP/username in the cache, along with the last login time,
and prevent further logins until some amount of time has passed.
This has been tested manually by attempting to log into reviewboard with
an existing username but incorrect password until the maximum number of
attempts has been reached. In addition, the number of login attempts and
time left before rate limit is over was also tracked during this process
using print statements in djblet's ratelimit.py file (more specifically,
the dictionary returned from the get_usage_count() method in ratelimit.py).