def test_revert(self):
    """Check that reverting one attempt gives exactly one attempt back.

    Two attempts pass, one is reverted, then one more passes and the
    following one is refused. The limit itself comes from settings that are
    not visible in this method (presumably two attempts per window).
    """
    req = self.get_request()
    # Consume the two attempts expected to be available.
    for _attempt in range(2):
        self.assertTrue(check_rate_limit('test', req))
    # Hand one attempt back to the counter.
    revert_rate_limit('test', req)
    # Exactly one more attempt is accepted before the limit is reached.
    self.assertTrue(check_rate_limit('test', req))
    self.assertFalse(check_rate_limit('test', req))
def test_lockout(self):
    """Check that a blocked client stays blocked on repeated retries.

    The first attempt passes; retries after one and two seconds are both
    refused. Presumably the test settings allow a single attempt and use a
    lockout longer than the time slept here -- confirm against the settings
    applied to this test.
    """
    req = self.get_request()
    self.assertTrue(check_rate_limit('test', req))
    # Each retry, one second apart, must still be rejected.
    for _retry in range(2):
        sleep(1)
        self.assertFalse(check_rate_limit('test', req))
def test_window(self):
    """Check that the limit is lifted again once enough time has passed.

    First attempt passes, a retry one second later is refused, and a retry
    two seconds after that passes again. The window and lockout lengths are
    configured outside this method.
    """
    req = self.get_request()

    first = check_rate_limit("test", req)
    self.assertTrue(first)

    sleep(1)
    blocked = check_rate_limit("test", req)
    self.assertFalse(blocked)

    # After a further two seconds the client is expected to be allowed again.
    sleep(2)
    recovered = check_rate_limit("test", req)
    self.assertTrue(recovered)
def test_interval(self):
    """Check that attempts spaced 1.5 seconds apart are never limited.

    Four attempts in total, each separated by a 1.5 second pause, must all
    be accepted. The configured window is not visible here; presumably it is
    shorter than the pause.
    """
    req = self.get_request()
    self.assertTrue(check_rate_limit('test', req))
    # Three further attempts, each after the same pause.
    for _round in range(3):
        sleep(1.5)
        self.assertTrue(check_rate_limit('test', req))
def test_limit(self):
    """Check that the sixth attempt in a row is refused.

    Five consecutive attempts pass and the next one fails, so the test
    settings (outside this method) presumably cap the scope at five
    attempts.
    """
    req = self.get_request()
    attempt = 0
    while attempt < 5:
        self.assertTrue(check_rate_limit('test', req))
        attempt += 1
    # The budget is exhausted now.
    self.assertFalse(check_rate_limit('test', req))
def test_lockout(self):
    """Verify that retries during the lockout keep being rejected.

    One accepted attempt is followed by two rejected ones, each issued one
    second after the previous call. The lockout length is configured outside
    this method.
    """
    request = self.get_request()

    accepted = check_rate_limit('test', request)
    self.assertTrue(accepted)

    sleep(1)
    first_retry = check_rate_limit('test', request)
    self.assertFalse(first_retry)

    sleep(1)
    second_retry = check_rate_limit('test', request)
    self.assertFalse(second_retry)
def test_revert(self):
    """Verify that revert_rate_limit() returns a single attempt.

    Sequence: pass, pass, revert, pass, refuse. The limit is set outside
    this method (presumably two attempts).
    """
    request = self.get_request()

    first = check_rate_limit('test', request)
    self.assertTrue(first)
    second = check_rate_limit('test', request)
    self.assertTrue(second)

    revert_rate_limit('test', request)

    # Only the reverted attempt is available again.
    after_revert = check_rate_limit('test', request)
    self.assertTrue(after_revert)
    over_limit = check_rate_limit('test', request)
    self.assertFalse(over_limit)
def clean(self):
    """Validate the credentials behind the 'login' rate limit.

    Order of checks when both fields are present:

    1. The 'login' rate limit is checked first; a limited client gets a
       ValidationError and authenticate() is never called.
    2. On a failed authentication a 'failed-auth' audit entry is created for
       every user returned by try_get_user(), the token is rotated and the
       generic 'invalid_login' error is raised. The same error is raised
       whether or not any user matched the name.
    3. Inactive accounts are rejected with the 'inactive' error.
    4. On success a 'login' audit entry is written and the 'login' rate
       limit is reset for this request.

    Returns the form's cleaned_data.
    """
    username = self.cleaned_data.get('username')
    password = self.cleaned_data.get('password')

    # Nothing to authenticate when either field is missing.
    if not (username and password):
        return self.cleaned_data

    if not check_rate_limit('login', self.request):
        raise forms.ValidationError(
            _('Too many authentication attempts from this location!')
        )

    self.user_cache = authenticate(
        self.request, username=username, password=password
    )

    if self.user_cache is None:
        for user in try_get_user(username, True):
            audit = AuditLog.objects.create(
                user,
                self.request,
                'failed-auth',
                method='Password',
                name=username,
            )
            # NOTE(review): presumably a per-account throttle on top of the
            # per-client one above; confirm in AuditLog.check_rate_limit.
            audit.check_rate_limit(self.request)
        rotate_token(self.request)
        raise forms.ValidationError(
            self.error_messages['invalid_login'], code='invalid_login'
        )

    if not self.user_cache.is_active:
        raise forms.ValidationError(
            self.error_messages['inactive'], code='inactive'
        )

    AuditLog.objects.create(
        self.user_cache, self.request, 'login', method='Password', name=username
    )
    # NOTE(review): any successful login clears the 'login' counter for this
    # client; confirm the per-account check still bounds failed attempts
    # against other usernames.
    reset_rate_limit('login', self.request)
    return self.cleaned_data
def contact(request):
    """Render the contact form and mail valid submissions to the admins.

    Every POST is checked against the "message" rate limit before the
    captcha and the form are validated, so invalid submissions are checked
    against the limit as well. The captcha is used only for anonymous
    visitors and only when settings.REGISTRATION_CAPTCHA is enabled.
    """
    captcha = None
    show_captcha = settings.REGISTRATION_CAPTCHA and not request.user.is_authenticated

    if request.method != "POST":
        initial = get_initial_contact(request)
        # The "t" query parameter is only used as a key into the
        # CONTACT_SUBJECTS allow-list; its raw value never becomes the subject.
        topic = request.GET.get("t")
        if topic in CONTACT_SUBJECTS:
            initial["subject"] = CONTACT_SUBJECTS[topic]
        form = ContactForm(initial=initial)
        if show_captcha:
            captcha = CaptchaForm(request)
    else:
        form = ContactForm(request.POST)
        if show_captcha:
            captcha = CaptchaForm(request, form, request.POST)

        if not check_rate_limit("message", request):
            messages.error(
                request, _("Too many messages sent, please try again later.")
            )
        else:
            # Captcha first, then the form, matching the short-circuit order.
            captcha_ok = captcha is None or captcha.is_valid()
            if captcha_ok and form.is_valid():
                # NOTE(review): the submitter-supplied address is handed to the
                # mail helper; confirm it relies on validated form data only.
                mail_admins_contact(
                    request,
                    "%(subject)s",
                    CONTACT_TEMPLATE,
                    form.cleaned_data,
                    form.cleaned_data["email"],
                    settings.ADMINS_CONTACT,
                )
                return redirect("home")

    template_context = {
        "form": form,
        "captcha_form": captcha,
        "title": _("Contact"),
    }
    return render(request, "accounts/contact.html", template_context)
def clean(self):
    """Validate the credentials behind the "login" rate limit.

    A rate-limited client is rejected before authenticate() is called.
    Failed authentication writes a "failed-auth" audit entry for each user
    returned by try_get_user(), rotates the token and raises the generic
    "invalid_login" error regardless of whether a user matched. Inactive
    accounts get the "inactive" error. A successful login is audited, the
    session expiry is adjusted and the "login" rate limit is reset.

    Returns the form's cleaned_data.
    """
    username = self.cleaned_data.get("username")
    password = self.cleaned_data.get("password")

    # Skip authentication entirely when a field is missing.
    if not username or not password:
        return self.cleaned_data

    allowed = check_rate_limit("login", self.request)
    if not allowed:
        raise forms.ValidationError(
            _("Too many authentication attempts from this location."))

    self.user_cache = authenticate(
        self.request, username=username, password=password)

    if self.user_cache is None:
        for user in try_get_user(username, True):
            audit = AuditLog.objects.create(
                user,
                self.request,
                "failed-auth",
                method="password",
                name=username,
            )
            # NOTE(review): looks like a per-account throttle; confirm in
            # AuditLog.check_rate_limit.
            audit.check_rate_limit(self.request)
        rotate_token(self.request)
        raise forms.ValidationError(
            self.error_messages["invalid_login"], code="invalid_login")

    if not self.user_cache.is_active:
        raise forms.ValidationError(
            self.error_messages["inactive"], code="inactive")

    AuditLog.objects.create(
        self.user_cache,
        self.request,
        "login",
        method="password",
        name=username,
    )
    adjust_session_expiry(self.request)
    # NOTE(review): a successful login clears the per-client counter; confirm
    # failed attempts against other accounts remain bounded per account.
    reset_rate_limit("login", self.request)
    return self.cleaned_data
def contact(request):
    """Show the contact form and forward valid messages to the admins.

    On POST the 'message' rate limit is checked before any validation, so
    every submission is checked against it whether or not it is valid. The
    captcha form is created only for anonymous users when
    settings.REGISTRATION_CAPTCHA is set.
    """
    captcha = None
    show_captcha = (
        settings.REGISTRATION_CAPTCHA and not request.user.is_authenticated
    )
    is_post = request.method == 'POST'

    if is_post:
        form = ContactForm(request.POST)
        if show_captcha:
            captcha = CaptchaForm(request, form, request.POST)

        rate_ok = check_rate_limit('message', request)
        if not rate_ok:
            messages.error(
                request,
                _('Too many messages sent, please try again later!'),
            )
        elif (captcha is None or captcha.is_valid()) and form.is_valid():
            cleaned = form.cleaned_data
            mail_admins_contact(
                request,
                '%(subject)s',
                CONTACT_TEMPLATE,
                cleaned,
                cleaned['email'],
                settings.ADMINS_CONTACT,
            )
            return redirect('home')
    else:
        initial = get_initial_contact(request)
        # Only subjects from the CONTACT_SUBJECTS allow-list are prefilled;
        # the query parameter serves purely as the lookup key.
        subject_key = request.GET.get('t')
        if subject_key in CONTACT_SUBJECTS:
            initial['subject'] = CONTACT_SUBJECTS[subject_key]
        form = ContactForm(initial=initial)
        if show_captcha:
            captcha = CaptchaForm(request)

    return render(
        request,
        'accounts/contact.html',
        {'form': form, 'captcha_form': captcha, 'title': _('Contact')},
    )
def test_interval(self):
    """Verify that well-spaced attempts are all accepted.

    Four attempts with a 1.5 second pause between them must pass. The
    window length is configured outside this method.
    """
    request = self.get_request()
    pause = 1.5

    self.assertTrue(check_rate_limit('test', request))
    remaining = 3
    while remaining:
        sleep(pause)
        self.assertTrue(check_rate_limit('test', request))
        remaining -= 1
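def clean(self):
    """Reject the form while the client is over the "registration" limit.

    check_rate_limit() is consulted on every validation of the form. When
    it refuses the request a ValidationError is raised that tells the user
    how many minutes to wait, derived from the "LOCKOUT" rate setting.

    Returns the form's cleaned_data when the request is allowed.
    """
    if not check_rate_limit("registration", self.request):
        # The setting is divided by 60, so it is taken to be seconds
        # (assumed integer). Round up: floor division would report a lockout
        # under a minute as "0 minutes" and understate any lockout that is
        # not a multiple of 60, inviting retries that are still blocked.
        lockout_seconds = get_rate_setting("registration", "LOCKOUT")
        lockout_period = (lockout_seconds + 59) // 60
        raise forms.ValidationError(
            ngettext(
                ("Too many failed registration attempts from this location. "
                 "Please try again in %d minute."),
                ("Too many failed registration attempts from this location. "
                 "Please try again in %d minutes."),
                lockout_period,
            ) % lockout_period)
    return self.cleaned_data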
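def clean(self):
    """Validate the credentials behind the "login" rate limit.

    Order of checks when both fields are present:

    1. A client over the "login" rate limit is rejected with a message
       stating the wait in minutes; authenticate() is not called.
    2. Failed authentication writes a "failed-auth" audit entry for each
       user returned by try_get_user(), rotates the token and raises the
       generic "invalid_login" error whether or not a user matched.
    3. Inactive accounts and bot accounts get the "inactive" error.
    4. A successful login is audited, the session expiry is adjusted and
       the "login" rate limit is reset.

    Returns the form's cleaned_data.
    """
    username = self.cleaned_data.get("username")
    password = self.cleaned_data.get("password")

    if username and password:
        if not check_rate_limit("login", self.request):
            # The setting is divided by 60, so it is taken to be seconds
            # (assumed integer). Round up: floor division would report a
            # lockout under a minute as "0 minutes" and understate any
            # lockout that is not a multiple of 60 seconds.
            lockout_seconds = get_rate_setting("login", "LOCKOUT")
            lockout_period = (lockout_seconds + 59) // 60
            raise forms.ValidationError(
                ngettext(
                    (
                        "Too many authentication attempts from this location. "
                        "Please try again in %d minute."
                    ),
                    (
                        "Too many authentication attempts from this location. "
                        "Please try again in %d minutes."
                    ),
                    lockout_period,
                )
                % lockout_period
            )
        self.user_cache = authenticate(
            self.request, username=username, password=password
        )
        if self.user_cache is None:
            for user in try_get_user(username, True):
                audit = AuditLog.objects.create(
                    user,
                    self.request,
                    "failed-auth",
                    method="password",
                    name=username,
                )
                # NOTE(review): presumably a per-account throttle; confirm in
                # AuditLog.check_rate_limit.
                audit.check_rate_limit(self.request)
            rotate_token(self.request)
            raise forms.ValidationError(
                self.error_messages["invalid_login"], code="invalid_login"
            )
        if not self.user_cache.is_active or self.user_cache.is_bot:
            raise forms.ValidationError(
                self.error_messages["inactive"], code="inactive"
            )
        AuditLog.objects.create(
            self.user_cache, self.request, "login", method="password", name=username
        )
        adjust_session_expiry(self.request)
        # NOTE(review): a successful login clears the per-client counter;
        # confirm failed attempts against other accounts stay bounded.
        reset_rate_limit("login", self.request)
    return self.cleaned_data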
def clean(self):
    """Validate the credentials behind the 'login' rate limit.

    A rate-limited client is rejected before authenticate() runs. On a
    failed authentication every user returned by try_get_user() is notified
    of a 'failed-auth' event, the token is rotated and the generic
    'invalid_login' error is raised whether or not a user matched. Inactive
    accounts get the 'inactive' error. On success the user is notified of
    the 'login' event and the 'login' rate limit is reset.

    Returns the form's cleaned_data.
    """
    username = self.cleaned_data.get('username')
    password = self.cleaned_data.get('password')

    # Nothing to authenticate without both fields.
    if not (username and password):
        return self.cleaned_data

    if not check_rate_limit('login', self.request):
        raise forms.ValidationError(
            _('Too many authentication attempts from this location!')
        )

    self.user_cache = authenticate(
        self.request, username=username, password=password
    )

    if self.user_cache is None:
        for user in try_get_user(username, True):
            notify_account_activity(
                user,
                self.request,
                'failed-auth',
                method=ugettext('Password'),
                name=username,
            )
        rotate_token(self.request)
        raise forms.ValidationError(
            self.error_messages['invalid_login'],
            code='invalid_login',
        )

    if not self.user_cache.is_active:
        raise forms.ValidationError(
            self.error_messages['inactive'],
            code='inactive',
        )

    notify_account_activity(
        self.user_cache,
        self.request,
        'login',
        method=ugettext('Password'),
        name=username,
    )
    # NOTE(review): this clears the per-client counter on any successful
    # login and no per-account throttle is visible in this method; confirm
    # another control bounds failed attempts against a single account.
    reset_rate_limit('login', self.request)
    return self.cleaned_data
def contact(request):
    """Display the contact form and send valid submissions to the admins.

    POST requests are checked against the 'message' rate limit first; only
    when that check passes are the captcha (if shown) and the form
    validated. The captcha is shown to anonymous users when
    settings.REGISTRATION_CAPTCHA is enabled.
    """
    captcha = None
    anonymous = not request.user.is_authenticated
    show_captcha = settings.REGISTRATION_CAPTCHA and anonymous

    if request.method == 'POST':
        form = ContactForm(request.POST)
        if show_captcha:
            captcha = CaptchaForm(request, form, request.POST)

        if check_rate_limit('message', request):
            # Captcha is validated before the form, as in a short-circuit "and".
            if (captcha is None or captcha.is_valid()) and form.is_valid():
                mail_admins_contact(
                    request,
                    '%(subject)s',
                    CONTACT_TEMPLATE,
                    form.cleaned_data,
                    form.cleaned_data['email'],
                    settings.ADMINS_CONTACT,
                )
                return redirect('home')
        else:
            messages.error(
                request, _('Too many messages sent, please try again later!')
            )
    else:
        initial = get_initial_contact(request)
        # The "t" parameter selects a predefined subject from
        # CONTACT_SUBJECTS; unknown values are ignored.
        requested = request.GET.get('t')
        if requested in CONTACT_SUBJECTS:
            initial['subject'] = CONTACT_SUBJECTS[requested]
        form = ContactForm(initial=initial)
        if show_captcha:
            captcha = CaptchaForm(request)

    page = {
        'form': form,
        'captcha_form': captcha,
        'title': _('Contact'),
    }
    return render(request, 'accounts/contact.html', page)
def clean(self):
    """Reject the form while the client is over the 'registration' limit.

    check_rate_limit() is consulted on every validation of this form.
    Returns the form's cleaned_data when the request is allowed and raises
    ValidationError otherwise.
    """
    allowed = check_rate_limit('registration', self.request)
    if allowed:
        return self.cleaned_data
    raise forms.ValidationError(
        _('Too many registration attempts from this location!'))
def test_limit(self):
    """Verify that five attempts pass and the sixth is refused.

    The cap is set by settings outside this method (presumably five
    attempts).
    """
    req = self.get_request()
    for _attempt in range(5):
        allowed = check_rate_limit("test", req)
        self.assertTrue(allowed)
    # One attempt past the budget.
    refused = check_rate_limit("test", req)
    self.assertFalse(refused)
def clean(self):
    """Refuse validation once the "registration" rate limit is hit.

    The limit is consulted each time the form is validated. Raises
    ValidationError for a limited client, otherwise returns cleaned_data.
    """
    limited = not check_rate_limit("registration", self.request)
    if limited:
        message = _("Too many failed registration attempts from this location.")
        raise forms.ValidationError(message)
    return self.cleaned_data
def clean(self):
    """Enforce the 'registration' rate limit during form validation.

    Raises ValidationError when check_rate_limit() refuses the request;
    otherwise the form's cleaned_data is returned unchanged.
    """
    if check_rate_limit('registration', self.request):
        return self.cleaned_data

    error_text = _('Too many registration attempts from this location!')
    raise forms.ValidationError(error_text)
def test_basic(self):
    """Check that a first attempt from a fresh request is allowed."""
    req = self.get_request()
    allowed = check_rate_limit('test', req)
    self.assertTrue(allowed)
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search can be scoped to a component, a project and/or a language.
    Without a component or project, results are limited to the projects in
    request.user.allowed_projects. The 'search' rate limit is checked on
    every request to this view, including ones without a query string.
    """
    is_ratelimited = not check_rate_limit('search', request)

    search_form = SiteSearchForm(request.GET)
    context = {'search_form': search_form}
    search_kwargs = {}

    # Resolve the scope object; get_component()/get_project() receive the
    # request (presumably to enforce access -- confirm in those helpers).
    if component:
        obj = get_component(request, project, component)
        context['component'] = obj
        context['project'] = obj.project
        context['back_url'] = obj.get_absolute_url()
        search_kwargs = {'component': obj}
    elif project:
        obj = get_project(request, project)
        context['project'] = obj
        context['back_url'] = obj.get_absolute_url()
        search_kwargs = {'project': obj}
    else:
        obj = None
        context['back_url'] = None

    if lang:
        language = get_object_or_404(Language, code=lang)
        context['language'] = language
        # NOTE(review): this replaces the component/project kwargs set above;
        # the queryset filters below still apply that scope.
        search_kwargs = {'language': language}
        if not obj:
            context['back_url'] = language.get_absolute_url()
        elif component:
            # NOTE(review): .get() raises when the component has no
            # translation in this language; confirm that is handled upstream.
            translation = obj.translation_set.get(language=language)
            context['back_url'] = translation.get_absolute_url()
        else:
            context['back_url'] = reverse(
                'project-language',
                kwargs={'project': project, 'lang': lang},
            )

    if is_ratelimited:
        messages.error(
            request, _('Too many search queries, please try again later.')
        )
    elif request.GET and search_form.is_valid():
        # Filter results by ACL
        if component:
            units = Unit.objects.filter(translation__component=obj)
        elif project:
            units = Unit.objects.filter(translation__component__project=obj)
        else:
            allowed_projects = request.user.allowed_projects
            units = Unit.objects.filter(
                translation__component__project__in=allowed_projects
            )

        units = units.search(search_form.cleaned_data, **search_kwargs)
        if lang:
            units = units.filter(translation__language=context['language'])

        page = get_paginator(request, units)
        # The raw query text goes into the context; escaping is left to the
        # template layer.
        context.update({
            'show_results': True,
            'page_obj': page,
            'title': _('Search for %s') % (search_form.cleaned_data['q']),
            'query_string': search_form.urlencode(),
            'search_query': search_form.cleaned_data['q'],
        })
    elif request.GET:
        messages.error(request, _('Invalid search query!'))
        show_form_errors(request, search_form)

    return render(request, 'search.html', context)
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    Optional component, project and language arguments narrow the search.
    A site-wide search is restricted to request.user.allowed_projects. The
    'search' rate limit is consulted once per request, before the form is
    looked at.
    """
    is_ratelimited = not check_rate_limit('search', request)
    search_form = SiteSearchForm(request.GET)
    context = {'search_form': search_form}
    search_kwargs = {}

    if component:
        obj = get_component(request, project, component)
        context.update(
            component=obj,
            project=obj.project,
            back_url=obj.get_absolute_url(),
        )
        search_kwargs = {'component': obj}
    elif project:
        obj = get_project(request, project)
        context.update(project=obj, back_url=obj.get_absolute_url())
        search_kwargs = {'project': obj}
    else:
        obj = None
        context['back_url'] = None

    if lang:
        s_language = get_object_or_404(Language, code=lang)
        context['language'] = s_language
        # Overrides the scope kwargs chosen above.
        search_kwargs = {'language': s_language}
        if obj and component:
            # NOTE(review): .get() raises if no translation exists for this
            # language in the component; confirm callers expect that.
            back_url = obj.translation_set.get(
                language=s_language
            ).get_absolute_url()
        elif obj:
            back_url = reverse(
                'project-language',
                kwargs={'project': project, 'lang': lang},
            )
        else:
            back_url = s_language.get_absolute_url()
        context['back_url'] = back_url

    has_query = bool(request.GET)
    if not is_ratelimited and has_query and search_form.is_valid():
        # Filter results by ACL
        if component:
            scope = {'translation__component': obj}
        elif project:
            scope = {'translation__component__project': obj}
        else:
            scope = {
                'translation__component__project__in':
                    request.user.allowed_projects,
            }
        units = Unit.objects.filter(**scope)
        units = units.search(search_form.cleaned_data, **search_kwargs)
        if lang:
            units = units.filter(translation__language=context['language'])
        units = get_paginator(request, units)

        query_text = search_form.cleaned_data['q']
        context['show_results'] = True
        context['page_obj'] = units
        # Escaping of the user-supplied query is left to the template.
        context['title'] = _('Search for %s') % (query_text)
        context['query_string'] = search_form.urlencode()
        context['search_query'] = search_form.cleaned_data['q']
    elif is_ratelimited:
        messages.error(
            request,
            _('Too many search queries, please try again later.'),
        )
    elif has_query:
        messages.error(request, _('Invalid search query!'))
        show_form_errors(request, search_form)

    return render(request, 'search.html', context)
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search may be scoped to a component, a project and/or a language.
    A site-wide search is limited to request.user.allowed_project_ids. The
    "search" rate limit is checked on every request to this view, whether
    or not a query was submitted.
    """
    is_ratelimited = not check_rate_limit("search", request)
    search_form = SearchForm(request.user, request.GET)
    context = {"search_form": search_form}

    # get_component()/get_project() receive the request (presumably to
    # enforce access -- confirm in those helpers).
    if component:
        obj = get_component(request, project, component)
        context["component"] = obj
        context["project"] = obj.project
        context["back_url"] = obj.get_absolute_url()
    elif project:
        obj = get_project(request, project)
        context["project"] = obj
        context["back_url"] = obj.get_absolute_url()
    else:
        obj = None
        context["back_url"] = None

    if lang:
        language = get_object_or_404(Language, code=lang)
        context["language"] = language
        if not obj:
            context["back_url"] = language.get_absolute_url()
        elif component:
            # NOTE(review): .get() raises when the component has no
            # translation in this language; confirm that is handled upstream.
            translation = obj.translation_set.get(language=language)
            context["back_url"] = translation.get_absolute_url()
        else:
            context["back_url"] = reverse(
                "project-language",
                kwargs={"project": project, "lang": lang},
            )

    if is_ratelimited:
        messages.error(
            request, _("Too many search queries, please try again later.")
        )
    elif request.GET and search_form.is_valid():
        # Filter results by ACL
        if component:
            units = Unit.objects.filter(translation__component=obj)
        elif project:
            units = Unit.objects.filter(translation__component__project=obj)
        else:
            project_ids = request.user.allowed_project_ids
            units = Unit.objects.filter(
                translation__component__project_id__in=project_ids
            )

        query = search_form.cleaned_data.get("q", "")
        units = units.search(query).distinct()
        if lang:
            units = units.filter(translation__language=context["language"])

        page = get_paginator(request, units.order())
        # The raw query text goes into the context; escaping is left to the
        # template layer.
        context.update({
            "show_results": True,
            "page_obj": page,
            "title": _("Search for %s") % (search_form.cleaned_data["q"]),
            "query_string": search_form.urlencode(),
            "search_query": search_form.cleaned_data["q"],
        })
    elif request.GET:
        messages.error(request, _("Invalid search query!"))
        show_form_errors(request, search_form)

    return render(request, "search.html", context)
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search may be scoped to a component, a project and/or a language;
    a site-wide search goes through filter_access(request.user). The
    "search" rate limit is checked on every request to this view. When
    results are shown the template context is rebuilt from scratch, so the
    project/component/language/back_url entries set earlier are not passed
    to the template in that case.
    """
    is_ratelimited = not check_rate_limit("search", request)
    search_form = SearchForm(user=request.user, data=request.GET)
    sort = get_sort_name(request)
    context = {"search_form": search_form}

    if component:
        obj = get_component(request, project, component)
        context.update(
            component=obj,
            project=obj.project,
            back_url=obj.get_absolute_url(),
        )
    elif project:
        obj = get_project(request, project)
        context.update(project=obj, back_url=obj.get_absolute_url())
    else:
        obj = None
        context["back_url"] = None

    if lang:
        s_language = get_object_or_404(Language, code=lang)
        context["language"] = s_language
        if obj and component:
            # NOTE(review): .get() raises if no translation exists for this
            # language in the component; confirm callers expect that.
            back_url = obj.translation_set.get(
                language=s_language
            ).get_absolute_url()
        elif obj:
            back_url = reverse(
                "project-language",
                kwargs={"project": project, "lang": lang},
            )
        else:
            back_url = s_language.get_absolute_url()
        context["back_url"] = back_url

    if is_ratelimited:
        messages.error(
            request, _("Too many search queries, please try again later.")
        )
    elif request.GET and search_form.is_valid():
        # Re-create the form without the query builder for the results page;
        # is_valid() is called again to populate cleaned_data on the new form.
        search_form = SearchForm(
            user=request.user, data=request.GET, show_builder=False
        )
        search_form.is_valid()

        # Filter results by ACL
        units = Unit.objects.prefetch_full().prefetch()
        if component:
            units = units.filter(translation__component=obj)
        elif project:
            units = units.filter(translation__component__project=obj)
        else:
            units = units.filter_access(request.user)

        query = search_form.cleaned_data.get("q", "")
        units = units.search(query, project=context.get("project")).distinct()
        if lang:
            units = units.filter(translation__language=context["language"])

        ordered = units.order_by_request(search_form.cleaned_data)
        units = get_paginator(request, ordered)

        # Rebuild context from scratch here to get new form. The raw query
        # text is included; escaping is left to the template layer.
        context = {
            "search_form": search_form,
            "show_results": True,
            "page_obj": units,
            "title": _("Search for %s") % (search_form.cleaned_data["q"]),
            "query_string": search_form.urlencode(),
            "search_query": search_form.cleaned_data["q"],
            "search_items": search_form.items(),
            "filter_name": search_form.get_name(),
            "sort_name": sort["name"],
            "sort_query": sort["query"],
        }
    elif request.GET:
        messages.error(request, _("Invalid search query!"))
        show_form_errors(request, search_form)

    return render(request, "search.html", context)