    def test_ratelimit(self):
        """A fresh bucket of 20 yields ``(19, 20)`` on the first hit; after
        19 successful calls the next one raises ``LimitExceeded``."""
        key, limit, window = 'test:ratelimit', 20, 20

        remaining, expires = ratelimit(key, limit, window)
        assert remaining == 19
        assert expires == 20

        # Burn through the rest of the allowance (calls 2..19); the return
        # values are not inspected here.
        for _ in range(18):
            ratelimit(key, limit, window)

        # The following call must be rejected rather than counted.
        with self.assertRaises(LimitExceeded):
            ratelimit(key, limit, window)
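def login_session():
    """Log a session out (``DELETE``) or in (any other method).

    ``DELETE`` calls ``UserSession.logout()`` and answers ``204``, or ``400``
    with ``status='error'`` when logout reports failure.

    Otherwise credentials come from ``parse_auth_headers()`` when the
    request mimetype is ``application/json`` and from the form body
    otherwise. A missing username or password answers ``400`` with
    ``error_code='missing_required_field'``.

    Two rate-limit buckets are consumed *before* the user lookup, so every
    attempt counts regardless of outcome: 5 per (username, client address)
    and 60 per client address, each over a window of 3600 (presumably
    seconds). ``ratelimit`` raises when a bucket is exhausted; that
    exception is not handled here and propagates to the caller.

    A username containing ``@`` is looked up by email, otherwise by
    username. An unknown user or a failed ``check_password`` is delegated to
    ``handle_login_failed(username, user)``; on success the session is
    created with ``UserSession.login(user, permanent)`` and ``201`` is
    returned with the serialised user.
    """
    if request.method == 'DELETE':
        if UserSession.logout():
            return '', 204
        return jsonify(status='error'), 400

    if request.mimetype == 'application/json':
        username, password = parse_auth_headers()
    else:
        # NOTE(review): on Flask/werkzeug ``request.form`` is a MultiDict and
        # would need ``.get('username')``; confirm the request wrapper in use.
        username = request.form.username
        password = request.form.password

    if not username or not password:
        return jsonify(
            status='error',
            error_code='missing_required_field',
            error_description='Username and password are required.'
        ), 400

    # The untrusted username goes straight into the bucket key without any
    # normalisation (case, whitespace), so variants of one name land in
    # separate buckets; whether the lookup below treats them as the same
    # user is not visible here.
    # can only try login a user 5 times (per username and client address)
    prefix = 'limit:login:{0}:{1}'.format(username, request.remote_addr)
    ratelimit(prefix, 5, 3600)

    # ... and 60 attempts per client address across all usernames
    prefix = 'limit:login:{0}'.format(request.remote_addr)
    ratelimit(prefix, 60, 3600)

    if '@' in username:
        user = User.cache.filter_first(email=username)
    else:
        user = User.cache.filter_first(username=username)

    if not user or not user.check_password(password):
        return handle_login_failed(username, user)

    # For non-JSON bodies (the form branch above) get_json() yields None or,
    # depending on the Flask version, raises; silent=True plus the ``or {}``
    # fallback keeps the ``.get`` below from failing on None.
    data = request.get_json(silent=True) or {}
    permanent = data.get('permanent', False)
    UserSession.login(user, permanent)
    return jsonify(user), 201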
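def login_session():
    """Log a session out (``DELETE``) or in (any other method).

    ``DELETE`` calls ``UserSession.logout()`` and answers ``204``, or ``400``
    with ``status='error'`` when logout reports failure.

    Otherwise credentials come from ``parse_auth_headers()`` when the
    request mimetype is ``application/json`` and from the form body
    otherwise. A missing username or password answers ``400`` with
    ``error_code='missing_required_field'``.

    Two rate-limit buckets are consumed *before* the user lookup, so every
    attempt counts regardless of outcome: 5 per (username, client address)
    and 60 per client address, each over a window of 3600 (presumably
    seconds). ``ratelimit`` raises when a bucket is exhausted; that
    exception is not handled here and propagates to the caller.

    A username containing ``@`` is looked up by email, otherwise by
    username. An unknown user or a failed ``check_password`` is delegated to
    ``handle_login_failed(username, user)``; on success the session is
    created with ``UserSession.login(user, permanent)`` and ``201`` is
    returned with the serialised user.
    """
    if request.method == 'DELETE':
        if UserSession.logout():
            return '', 204
        return jsonify(status='error'), 400

    if request.mimetype == 'application/json':
        username, password = parse_auth_headers()
    else:
        # NOTE(review): on Flask/werkzeug ``request.form`` is a MultiDict and
        # would need ``.get('username')``; confirm the request wrapper in use.
        username = request.form.username
        password = request.form.password

    if not username or not password:
        return jsonify(
            status='error',
            error_code='missing_required_field',
            error_description='Username and password are required.'), 400

    # The untrusted username goes straight into the bucket key without any
    # normalisation (case, whitespace), so variants of one name land in
    # separate buckets; whether the lookup below treats them as the same
    # user is not visible here.
    # can only try login a user 5 times (per username and client address)
    prefix = 'limit:login:{0}:{1}'.format(username, request.remote_addr)
    ratelimit(prefix, 5, 3600)

    # ... and 60 attempts per client address across all usernames
    prefix = 'limit:login:{0}'.format(request.remote_addr)
    ratelimit(prefix, 60, 3600)

    if '@' in username:
        user = User.cache.filter_first(email=username)
    else:
        user = User.cache.filter_first(username=username)

    if not user or not user.check_password(password):
        return handle_login_failed(username, user)

    # For non-JSON bodies (the form branch above) get_json() yields None or,
    # depending on the Flask version, raises; silent=True plus the ``or {}``
    # fallback keeps the ``.get`` below from failing on None.
    data = request.get_json(silent=True) or {}
    permanent = data.get('permanent', False)
    UserSession.login(user, permanent)
    return jsonify(user), 201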
def oauth_ratelimit(login, scopes):
    """Consume the OAuth rate-limit bucket for *login*/*scopes* and record
    the outcome on the current request.

    ``oauth_limit_params`` supplies the bucket key, allowance and window; the
    ``(remaining, expires)`` pair returned by ``ratelimit`` is stored as
    ``request._rate_remaining`` and ``request._rate_expires``. Whatever
    ``ratelimit`` raises when the bucket is exhausted is not caught here.
    """
    key, allowance, window = oauth_limit_params(login, scopes)
    request._rate_remaining, request._rate_expires = ratelimit(key, allowance, window)