Beispiel #1
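    def decor(*args, **kwargs):
        """Wrap the default authentication function with failure tracking.

        The FailedAttempt row for the (username, remote address) pair is
        looked up first.  While that row reports too many recent failures,
        the attempt is refused without calling ``auth_func`` at all.
        Otherwise the wrapped function runs and its outcome is recorded.

        Returns:
            The truthy result of ``auth_func`` on success, or ``None`` when
            the attempt is blocked or the credentials are rejected.

        Raises:
            ValueError: if the ``username`` keyword argument is missing or
                empty.
        """
        # Import here to avoid AppRegistryNotReady("Apps aren't loaded yet.") Exception
        from BruteBuster.models import FailedAttempt
        from BruteBuster.middleware import get_request

        user = kwargs.get('username', '')
        if not user:
            raise ValueError(
                'BruteBuster cannot work with authenticate functions that do not include "username" as an argument'
            )

        # The request comes from get_request(); without one the attempt is
        # tracked under IP=None.
        # NOTE(review): behind a reverse proxy REMOTE_ADDR is usually the
        # proxy's address, so every client would share one counter per
        # username - confirm how the deployment sets it.
        request = get_request()
        IP_ADDR = request.META.get('REMOTE_ADDR', None) if request else None

        # Only the row lookup may legitimately raise IndexError.  Keeping the
        # lockout checks outside the try means an IndexError raised inside
        # them is no longer mistaken for "no previous failures", which would
        # let the attempt through unchecked.
        try:
            fa = FailedAttempt.objects.filter(username=user, IP=IP_ADDR)[0]
        except IndexError:
            # No previous failed attempts
            fa = None

        if fa is not None:
            if not fa.recent_failure():
                # the block interval is over, so start with a clean sheet
                fa.failures = 0
                fa.save()
            elif fa.too_many_failures():
                # Blocked: count the attempt and refuse it before the
                # credentials are ever checked.
                # NOTE(review): failures is read, incremented and saved in
                # Python; parallel attempts may overwrite each other's
                # increments - consider an atomic update (Django F()).
                fa.failures += 1
                fa.save()
                return None

        result = auth_func(*args, **kwargs)
        if result:
            # A successful login clears any failures recorded for this pair.
            if fa:
                fa.failures = 0
                fa.save()
            return result

        # The authentication failed: record it, creating the row on the first
        # failure for this (username, address) pair.
        fa = fa or FailedAttempt(username=user, IP=IP_ADDR, failures=0)
        fa.failures += 1
        fa.save()
        # return with unsuccessful auth
        return None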
Beispiel #2
    def decor(*args, **kwargs):
        """Guard the wrapped authentication function with a failure counter.

        Failures are tracked per (username, REMOTE_ADDR) pair in
        FailedAttempt.  While a pair has too many recent failures the call
        returns ``None`` without invoking ``auth_func``.

        Returns:
            The truthy result of ``auth_func``, or ``None`` when no username
            was given, the attempt is blocked, or authentication failed.
        """
        username = kwargs.get('username', '')
        if not username:
            # Per the original author, auth2 does not pass a username to the
            # authentication function, so the former ValueError was replaced
            # by a plain rejection.  auth_func is not called on this path
            # and nothing is recorded.
            return None

        current_request = get_request()
        # Address of the request held by get_request(); None when there is
        # no request.
        remote_ip = (
            current_request.META.get('REMOTE_ADDR', None)
            if current_request
            else None
        )

        try:
            attempt = FailedAttempt.objects.filter(username=username, IP=remote_ip)[0]
            if not attempt.recent_failure():
                # The block interval has passed: reset the counter.
                attempt.failures = 0
                attempt.save()
            elif attempt.too_many_failures():
                # Still locked out: count this attempt and refuse it before
                # the credentials are checked.
                attempt.failures += 1
                attempt.save()
                return None
        except IndexError:
            # No row yet for this username/address pair.
            attempt = None

        outcome = auth_func(*args, **kwargs)
        if outcome:
            # Success is passed through unchanged; the stored counter is
            # left as it is.
            return outcome

        # Failed login: create the row on first failure, then count it.
        if not attempt:
            attempt = FailedAttempt(username=username, IP=remote_ip, failures=0)
        attempt.failures += 1
        attempt.save()
        return None
    def decor(*args, **kwargs):
        """Run ``auth_func`` unless the caller is currently locked out.

        The lockout state lives in the FailedAttempt row matching the
        supplied username and the request's REMOTE_ADDR.  Every path other
        than a successful ``auth_func`` call returns ``None``.
        """
        login_name = kwargs.get('username', '')
        if not login_name:
            # The ValueError that used to be raised here was disabled for
            # auth2, whose authentication function takes no username (per
            # the original comment).  The call is rejected without reaching
            # auth_func.
            return None

        req = get_request()
        client_addr = None
        if req:
            # REMOTE_ADDR of the request returned by get_request()
            client_addr = req.META.get('REMOTE_ADDR', None)

        try:
            record = FailedAttempt.objects.filter(username=login_name, IP=client_addr)[0]
            still_recent = record.recent_failure()
            if still_recent and record.too_many_failures():
                # Too many recent failures: register this try and block it.
                record.failures += 1
                record.save()
                return None
            if not still_recent:
                # Block interval is over, wipe the counter.
                record.failures = 0
                record.save()
        except IndexError:
            # Nothing recorded so far for this username and address.
            record = None

        auth_result = auth_func(*args, **kwargs)
        if not auth_result:
            # Rejected credentials: bump the existing counter or start one.
            record = record or FailedAttempt(username=login_name, IP=client_addr, failures=0)
            record.failures += 1
            record.save()
            return None

        # Authenticated: hand the result back untouched.
        return auth_result
    def decor(*args, **kwargs):
        """Wrap ``auth_func`` with per-(username, client address) lockout.

        The client address is the first entry of X-Forwarded-For when that
        header is non-empty, else REMOTE_ADDR, else ``None`` when there is
        no request.

        Returns:
            The truthy result of ``auth_func``, or ``None`` after a failed
            login has been recorded.

        Raises:
            ValueError: if ``get_username`` finds no username in the kwargs.
            ValidationError: with ``LOCKOUT_MESSAGE`` while the pair has too
                many recent failures.
        """
        user = get_username(**kwargs)
        if not user:
            raise ValueError('BruteBuster could not find a username in the authenticate kwargs')

        request = get_request()
        client_ip = None
        if request:
            # NOTE(review): X-Forwarded-For is a request header.  Unless a
            # trusted proxy overwrites it, its first entry is whatever the
            # client sent, so the lockout key is then client-chosen and
            # failures may never accumulate under one key.  Honour the
            # header only when REMOTE_ADDR is a known proxy, and use the
            # entry that proxy appended - confirm against the deployment.
            forwarded = request.META.get('HTTP_X_FORWARDED_FOR', '')
            first_hop = forwarded.split(',')[0].strip()
            # Fall back to REMOTE_ADDR when no forwarded address is present.
            client_ip = first_hop or request.META.get('REMOTE_ADDR', None)

        try:
            attempt = FailedAttempt.objects.filter(username=user, IP=client_ip)[0]
            if not attempt.recent_failure():
                # Block interval elapsed: start again from zero.
                attempt.failures = 0
                attempt.save()
            elif attempt.too_many_failures():
                # Locked out: count the attempt, then signal the lockout to
                # the caller instead of checking the credentials.
                attempt.failures += 1
                attempt.save()
                raise ValidationError(LOCKOUT_MESSAGE)
        except IndexError:
            # No earlier failures stored for this pair.
            attempt = None

        outcome = auth_func(*args, **kwargs)
        if outcome:
            # Successful login: returned as is, counter left untouched.
            return outcome

        # Failed login: create the row if needed and record the failure.
        if not attempt:
            attempt = FailedAttempt(username=user, IP=client_ip, failures=0)
        attempt.failures += 1
        attempt.save()
        return None