コード例 #1
 def test_revert(self):
     """Check that reverting one attempt hands back exactly one allowed call.

     Two calls are accepted, one attempt is reverted, and then a single
     further call is accepted before the limiter refuses.
     """
     # NOTE(review): the attempt budget of the 'test' scope is configured
     # outside this snippet; the assertions imply two attempts - confirm.
     request = self.get_request()
     for _attempt in range(2):
         self.assertTrue(check_rate_limit('test', request))
     revert_rate_limit('test', request)
     after_revert = check_rate_limit('test', request)
     self.assertTrue(after_revert)
     over_budget = check_rate_limit('test', request)
     self.assertFalse(over_budget)
コード例 #2
 def test_lockout(self):
     """Check that a client stays refused while the lockout is running.

     The first call is accepted; calls made one and two seconds later are
     both refused.
     """
     # NOTE(review): attempts and lockout for the 'test' scope come from
     # settings not shown here; the assertions imply a single attempt and a
     # lockout longer than two seconds - confirm.
     request = self.get_request()
     self.assertTrue(check_rate_limit('test', request))
     for _retry in range(2):
         sleep(1)
         self.assertFalse(check_rate_limit('test', request))
コード例 #3
 def test_window(self):
     """Check that the limiter lets the client back in once time has passed.

     The first call is accepted, a call one second later is refused, and a
     call a further two seconds later is accepted again.
     """
     # NOTE(review): the window length for the 'test' scope is set outside
     # this snippet; the sleeps imply it expires within three seconds.
     request = self.get_request()
     first_call = check_rate_limit("test", request)
     self.assertTrue(first_call)
     sleep(1)
     inside_window = check_rate_limit("test", request)
     self.assertFalse(inside_window)
     sleep(2)
     after_window = check_rate_limit("test", request)
     self.assertTrue(after_window)
コード例 #4
 def test_interval(self):
     """Check that calls spaced 1.5 seconds apart are never refused.

     One immediate call and three more, each after a 1.5 second pause, must
     all be accepted.
     """
     # NOTE(review): presumably each pause outlasts the configured window of
     # the 'test' scope, so the counter starts over - confirm in the settings.
     request = self.get_request()
     self.assertTrue(check_rate_limit('test', request))
     for _round in range(3):
         sleep(1.5)
         self.assertTrue(check_rate_limit('test', request))
コード例 #5
    def test_limit(self):
        """Check that the sixth call in a row is the first one refused."""
        # NOTE(review): the budget of five attempts is implied by the
        # assertions; the setting itself is not visible in this snippet.
        request = self.get_request()
        accepted = 0
        while accepted < 5:
            self.assertTrue(check_rate_limit('test', request))
            accepted += 1

        sixth_call = check_rate_limit('test', request)
        self.assertFalse(sixth_call)
コード例 #6
ファイル: test_ratelimit.py プロジェクト: nijel/weblate
 def test_lockout(self):
     """Check that the lockout keeps refusing a client on repeated retries.

     Only the first call is accepted; retries after one and after two
     seconds are both refused.
     """
     # NOTE(review): the lockout duration for the 'test' scope is configured
     # elsewhere; the test only shows it exceeds two seconds.
     request = self.get_request()
     initial = check_rate_limit('test', request)
     self.assertTrue(initial)
     sleep(1)
     first_retry = check_rate_limit('test', request)
     self.assertFalse(first_retry)
     sleep(1)
     second_retry = check_rate_limit('test', request)
     self.assertFalse(second_retry)
コード例 #7
ファイル: test_ratelimit.py プロジェクト: nijel/weblate
 def test_revert(self):
     """Check that revert_rate_limit() undoes one counted attempt.

     After two accepted calls and one revert, exactly one more call is
     accepted and the next one is refused.
     """
     # NOTE(review): a budget of two attempts for the 'test' scope is implied
     # by the assertions, not shown in this snippet.
     request = self.get_request()
     for _attempt in (1, 2):
         self.assertTrue(check_rate_limit('test', request))
     revert_rate_limit('test', request)
     # The reverted slot is usable once, then the budget is exhausted again.
     self.assertTrue(check_rate_limit('test', request))
     self.assertFalse(check_rate_limit('test', request))
コード例 #8
    def clean(self):
        """Validate the submitted credentials and record the outcome.

        The 'login' rate limit is consulted before the password is verified.
        A refused rate-limit check, a failed authentication or an inactive
        account raises ``forms.ValidationError``. A successful login is
        written to the audit log and resets the 'login' rate limit.
        """
        username = self.cleaned_data.get('username')
        password = self.cleaned_data.get('password')

        # Nothing to authenticate unless both fields are present.
        if not (username and password):
            return self.cleaned_data

        # Refuse a rate-limited client before authenticate() is reached.
        if not check_rate_limit('login', self.request):
            raise forms.ValidationError(
                _('Too many authentication attempts from this location!')
            )

        account = authenticate(
            self.request, username=username, password=password
        )
        self.user_cache = account

        if account is None:
            # Record the failure against every account the name resolves to.
            # NOTE(review): the result of audit.check_rate_limit() is not
            # used here; presumably it applies a per-account lockout - confirm.
            for candidate in try_get_user(username, True):
                audit = AuditLog.objects.create(
                    candidate,
                    self.request,
                    'failed-auth',
                    method='Password',
                    name=username,
                )
                audit.check_rate_limit(self.request)
            rotate_token(self.request)
            # The same generic error is raised whether or not a candidate
            # account was found above.
            raise forms.ValidationError(
                self.error_messages['invalid_login'], code='invalid_login'
            )

        if not account.is_active:
            raise forms.ValidationError(
                self.error_messages['inactive'], code='inactive'
            )

        AuditLog.objects.create(
            account, self.request, 'login', method='Password', name=username
        )
        # NOTE(review): success clears the 'login' counter for this request;
        # what the counter is keyed on is not visible in this snippet.
        reset_rate_limit('login', self.request)
        return self.cleaned_data
コード例 #9
def contact(request):
    """Render the contact form and mail a valid submission to the admins.

    A CAPTCHA form is added for unauthenticated users when
    ``settings.REGISTRATION_CAPTCHA`` is enabled. Every POST goes through the
    "message" rate limit before the forms are validated; a rate-limited or
    invalid POST re-renders the page instead of sending mail.
    """
    captcha = None
    show_captcha = settings.REGISTRATION_CAPTCHA and not request.user.is_authenticated

    if request.method != "POST":
        initial = get_initial_contact(request)
        # "t" only selects an entry from CONTACT_SUBJECTS; its raw value is
        # not copied into the form.
        if request.GET.get("t") in CONTACT_SUBJECTS:
            initial["subject"] = CONTACT_SUBJECTS[request.GET["t"]]
        form = ContactForm(initial=initial)
        if show_captcha:
            captcha = CaptchaForm(request)
    else:
        form = ContactForm(request.POST)
        if show_captcha:
            captcha = CaptchaForm(request, form, request.POST)
        # The limiter is called ahead of CAPTCHA and form validation, so a
        # submission that later fails validation has still been counted.
        if not check_rate_limit("message", request):
            messages.error(
                request, _("Too many messages sent, please try again later.")
            )
        else:
            captcha_ok = captcha is None or captcha.is_valid()
            if captcha_ok and form.is_valid():
                mail_admins_contact(
                    request,
                    "%(subject)s",
                    CONTACT_TEMPLATE,
                    form.cleaned_data,
                    form.cleaned_data["email"],
                    settings.ADMINS_CONTACT,
                )
                return redirect("home")

    page_context = {"form": form, "captcha_form": captcha, "title": _("Contact")}
    return render(request, "accounts/contact.html", page_context)
コード例 #10
    def clean(self):
        """Validate the submitted credentials and record the outcome.

        The "login" rate limit is consulted before the password is verified.
        A refused rate-limit check, a failed authentication or an inactive
        account raises ``forms.ValidationError``. A successful login is
        audited, the session expiry is adjusted and the "login" rate limit
        is reset.
        """
        username = self.cleaned_data.get("username")
        password = self.cleaned_data.get("password")

        # Nothing to authenticate unless both fields are present.
        if not (username and password):
            return self.cleaned_data

        # Refuse a rate-limited client before authenticate() is reached.
        if not check_rate_limit("login", self.request):
            raise forms.ValidationError(
                _("Too many authentication attempts from this location.")
            )

        account = authenticate(
            self.request, username=username, password=password
        )
        self.user_cache = account

        if account is None:
            # Record the failure against every account the name resolves to.
            # NOTE(review): the result of audit.check_rate_limit() is not
            # used here; presumably it applies a per-account lockout - confirm.
            for candidate in try_get_user(username, True):
                audit = AuditLog.objects.create(
                    candidate,
                    self.request,
                    "failed-auth",
                    method="password",
                    name=username,
                )
                audit.check_rate_limit(self.request)
            rotate_token(self.request)
            # The same generic error is raised whether or not a candidate
            # account was found above.
            raise forms.ValidationError(
                self.error_messages["invalid_login"], code="invalid_login"
            )

        if not account.is_active:
            raise forms.ValidationError(
                self.error_messages["inactive"], code="inactive"
            )

        AuditLog.objects.create(
            account, self.request, "login", method="password", name=username
        )
        adjust_session_expiry(self.request)
        # NOTE(review): success clears the "login" counter for this request;
        # what the counter is keyed on is not visible in this snippet.
        reset_rate_limit("login", self.request)
        return self.cleaned_data
コード例 #11
ファイル: views.py プロジェクト: sunner/weblate
def contact(request):
    """Render the contact form and mail a valid submission to the admins.

    A CAPTCHA form is added for unauthenticated users when
    ``settings.REGISTRATION_CAPTCHA`` is enabled. Every POST goes through the
    'message' rate limit before the forms are validated; a rate-limited or
    invalid POST re-renders the page instead of sending mail.
    """
    captcha = None
    show_captcha = (
        settings.REGISTRATION_CAPTCHA and not request.user.is_authenticated
    )

    if request.method != 'POST':
        initial = get_initial_contact(request)
        # 't' only selects an entry from CONTACT_SUBJECTS; its raw value is
        # not copied into the form.
        if request.GET.get('t') in CONTACT_SUBJECTS:
            initial['subject'] = CONTACT_SUBJECTS[request.GET['t']]
        form = ContactForm(initial=initial)
        if show_captcha:
            captcha = CaptchaForm(request)
    else:
        form = ContactForm(request.POST)
        if show_captcha:
            captcha = CaptchaForm(request, form, request.POST)
        # The limiter is called ahead of CAPTCHA and form validation, so a
        # submission that later fails validation has still been counted.
        if not check_rate_limit('message', request):
            messages.error(
                request, _('Too many messages sent, please try again later!'))
        else:
            captcha_ok = captcha is None or captcha.is_valid()
            if captcha_ok and form.is_valid():
                mail_admins_contact(
                    request,
                    '%(subject)s',
                    CONTACT_TEMPLATE,
                    form.cleaned_data,
                    form.cleaned_data['email'],
                    settings.ADMINS_CONTACT,
                )
                return redirect('home')

    page_context = {
        'form': form,
        'captcha_form': captcha,
        'title': _('Contact'),
    }
    return render(request, 'accounts/contact.html', page_context)
コード例 #12
ファイル: test_ratelimit.py プロジェクト: nijel/weblate
 def test_interval(self):
     """Check that four calls spaced 1.5 seconds apart are all accepted."""
     # NOTE(review): presumably each pause outlasts the configured window of
     # the 'test' scope - the setting is not visible in this snippet.
     request = self.get_request()
     pauses = (None, 1.5, 1.5, 1.5)
     for pause in pauses:
         # The very first call is made without waiting.
         if pause is not None:
             sleep(pause)
         allowed = check_rate_limit('test', request)
         self.assertTrue(allowed)
コード例 #13
ファイル: forms.py プロジェクト: nijel/weblate
 def clean(self):
     """Reject the registration form while the client is rate limited.

     Returns ``self.cleaned_data`` when the "registration" limiter accepts
     the request; otherwise raises ``forms.ValidationError`` telling the
     user how many minutes to wait.
     """
     if check_rate_limit("registration", self.request):
         return self.cleaned_data

     # NOTE(review): presumably LOCKOUT is in seconds; the floor division
     # yields 0 for values below 60, so the message would read "0 minutes".
     lockout_period = get_rate_setting("registration", "LOCKOUT") // 60
     message = ngettext(
         ("Too many failed registration attempts from this location. "
          "Please try again in %d minute."),
         ("Too many failed registration attempts from this location. "
          "Please try again in %d minutes."),
         lockout_period,
     )
     raise forms.ValidationError(message % lockout_period)
コード例 #14
    def clean(self):
        """Validate the submitted credentials and record the outcome.

        The "login" rate limit is consulted before the password is verified;
        a refused client is told how many minutes to wait. A failed
        authentication, an inactive account or a bot account raises
        ``forms.ValidationError``. A successful login is audited, the
        session expiry is adjusted and the "login" rate limit is reset.
        """
        username = self.cleaned_data.get("username")
        password = self.cleaned_data.get("password")

        # Nothing to authenticate unless both fields are present.
        if not (username and password):
            return self.cleaned_data

        # Refuse a rate-limited client before authenticate() is reached.
        if not check_rate_limit("login", self.request):
            # NOTE(review): presumably LOCKOUT is in seconds; the floor
            # division yields 0 for values below 60.
            lockout_period = get_rate_setting("login", "LOCKOUT") // 60
            message = ngettext(
                (
                    "Too many authentication attempts from this location. "
                    "Please try again in %d minute."
                ),
                (
                    "Too many authentication attempts from this location. "
                    "Please try again in %d minutes."
                ),
                lockout_period,
            )
            raise forms.ValidationError(message % lockout_period)

        account = authenticate(
            self.request, username=username, password=password
        )
        self.user_cache = account

        if account is None:
            # Record the failure against every account the name resolves to.
            # NOTE(review): the result of audit.check_rate_limit() is not
            # used here; presumably it applies a per-account lockout - confirm.
            for candidate in try_get_user(username, True):
                audit = AuditLog.objects.create(
                    candidate,
                    self.request,
                    "failed-auth",
                    method="password",
                    name=username,
                )
                audit.check_rate_limit(self.request)
            rotate_token(self.request)
            # The same generic error is raised whether or not a candidate
            # account was found above.
            raise forms.ValidationError(
                self.error_messages["invalid_login"], code="invalid_login"
            )

        # Bot accounts get the same "inactive" error as disabled accounts.
        if not account.is_active or account.is_bot:
            raise forms.ValidationError(
                self.error_messages["inactive"], code="inactive"
            )

        AuditLog.objects.create(
            account, self.request, "login", method="password", name=username
        )
        adjust_session_expiry(self.request)
        # NOTE(review): success clears the "login" counter for this request;
        # what the counter is keyed on is not visible in this snippet.
        reset_rate_limit("login", self.request)
        return self.cleaned_data
コード例 #15
ファイル: forms.py プロジェクト: dekoza/weblate
    def clean(self):
        """Validate the submitted credentials and notify about the outcome.

        The 'login' rate limit is consulted before the password is verified.
        A refused rate-limit check, a failed authentication or an inactive
        account raises ``forms.ValidationError``. A successful login sends an
        account-activity notification and resets the 'login' rate limit.
        """
        username = self.cleaned_data.get('username')
        password = self.cleaned_data.get('password')

        # Nothing to authenticate unless both fields are present.
        if not (username and password):
            return self.cleaned_data

        # Refuse a rate-limited client before authenticate() is reached.
        if not check_rate_limit('login', self.request):
            raise forms.ValidationError(
                _('Too many authentication attempts from this location!')
            )

        account = authenticate(
            self.request, username=username, password=password
        )
        self.user_cache = account

        if account is None:
            # Every account the name resolves to is told about the failure.
            # NOTE(review): no per-account limiter call is visible in this
            # variant; only the 'login' scope above throttles attempts here.
            for candidate in try_get_user(username, True):
                notify_account_activity(
                    candidate,
                    self.request,
                    'failed-auth',
                    method=ugettext('Password'),
                    name=username,
                )
            rotate_token(self.request)
            # The same generic error is raised whether or not a candidate
            # account was found above.
            raise forms.ValidationError(
                self.error_messages['invalid_login'],
                code='invalid_login',
            )

        if not account.is_active:
            raise forms.ValidationError(
                self.error_messages['inactive'],
                code='inactive',
            )

        notify_account_activity(
            account,
            self.request,
            'login',
            method=ugettext('Password'),
            name=username,
        )
        # Only the successful path gets this far; both failures raise above.
        reset_rate_limit('login', self.request)
        return self.cleaned_data
コード例 #16
ファイル: views.py プロジェクト: dekoza/weblate
def contact(request):
    """Render the contact form and mail a valid submission to the admins.

    A CAPTCHA form is added for unauthenticated users when
    ``settings.REGISTRATION_CAPTCHA`` is enabled. Every POST goes through the
    'message' rate limit before the forms are validated; a rate-limited or
    invalid POST re-renders the page instead of sending mail.
    """
    captcha = None
    show_captcha = (
        settings.REGISTRATION_CAPTCHA and not request.user.is_authenticated
    )

    if request.method != 'POST':
        initial = get_initial_contact(request)
        # 't' only selects an entry from CONTACT_SUBJECTS; its raw value is
        # not copied into the form.
        if request.GET.get('t') in CONTACT_SUBJECTS:
            initial['subject'] = CONTACT_SUBJECTS[request.GET['t']]
        form = ContactForm(initial=initial)
        if show_captcha:
            captcha = CaptchaForm(request)
    else:
        form = ContactForm(request.POST)
        if show_captcha:
            captcha = CaptchaForm(request, form, request.POST)
        # The limiter is called ahead of CAPTCHA and form validation, so a
        # submission that later fails validation has still been counted.
        if not check_rate_limit('message', request):
            messages.error(
                request,
                _('Too many messages sent, please try again later!')
            )
        else:
            captcha_ok = captcha is None or captcha.is_valid()
            if captcha_ok and form.is_valid():
                mail_admins_contact(
                    request,
                    '%(subject)s',
                    CONTACT_TEMPLATE,
                    form.cleaned_data,
                    form.cleaned_data['email'],
                    settings.ADMINS_CONTACT,
                )
                return redirect('home')

    page_context = {
        'form': form,
        'captcha_form': captcha,
        'title': _('Contact'),
    }
    return render(request, 'accounts/contact.html', page_context)
コード例 #17
ファイル: forms.py プロジェクト: sunner/weblate
 def clean(self):
     """Reject the registration form while the client is rate limited.

     Returns ``self.cleaned_data`` when the 'registration' limiter accepts
     the request, otherwise raises ``forms.ValidationError``.
     """
     # The limiter is called on every validation of this form, so each
     # submission is counted regardless of the other fields.
     allowed = check_rate_limit('registration', self.request)
     if allowed:
         return self.cleaned_data
     raise forms.ValidationError(
         _('Too many registration attempts from this location!'))
コード例 #18
    def test_limit(self):
        """Check that five calls are accepted and the sixth is refused."""
        # NOTE(review): the budget of five attempts is implied by the
        # assertions; the setting itself is not visible in this snippet.
        request = self.get_request()
        for _unused in range(5):
            allowed = check_rate_limit("test", request)
            self.assertTrue(allowed)

        over_budget = check_rate_limit("test", request)
        self.assertFalse(over_budget)
コード例 #19
 def clean(self):
     """Reject the registration form while the client is rate limited.

     Returns ``self.cleaned_data`` when the "registration" limiter accepts
     the request, otherwise raises ``forms.ValidationError``.
     """
     # The limiter is called on every validation of this form, so each
     # submission is counted regardless of the other fields.
     if check_rate_limit("registration", self.request):
         return self.cleaned_data
     raise forms.ValidationError(
         _("Too many failed registration attempts from this location."))
コード例 #20
ファイル: forms.py プロジェクト: dekoza/weblate
 def clean(self):
     """Reject the registration form while the client is rate limited.

     Returns ``self.cleaned_data`` when the 'registration' limiter accepts
     the request, otherwise raises ``forms.ValidationError``.
     """
     within_limit = check_rate_limit('registration', self.request)
     if within_limit:
         return self.cleaned_data
     # NOTE(review): the message says "from this location"; what the limiter
     # actually keys on is not visible in this snippet.
     raise forms.ValidationError(
         _('Too many registration attempts from this location!')
     )
コード例 #21
 def test_basic(self):
     """Check that the first call for a fresh request is accepted."""
     request = self.get_request()
     allowed = check_rate_limit('test', request)
     self.assertTrue(allowed)
コード例 #22
ファイル: search.py プロジェクト: dekoza/weblate
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search can be narrowed to a project, a component and/or a language.
    The 'search' rate limit is consulted first; a rate-limited request gets
    an error message instead of results. The view always renders
    ``search.html``.
    """
    # Called on every request to this view, before the form is validated, so
    # page loads without a query go through the limiter as well.
    is_ratelimited = not check_rate_limit('search', request)
    search_form = SiteSearchForm(request.GET)
    context = {
        'search_form': search_form,
    }
    search_kwargs = {}
    # NOTE(review): access to obj is presumably enforced inside
    # get_component()/get_project(); the unit filters below trust obj.
    if component:
        obj = get_component(request, project, component)
        context['component'] = obj
        context['project'] = obj.project
        context['back_url'] = obj.get_absolute_url()
        search_kwargs = {'component': obj}
    elif project:
        obj = get_project(request, project)
        context['project'] = obj
        context['back_url'] = obj.get_absolute_url()
        search_kwargs = {'project': obj}
    else:
        obj = None
        context['back_url'] = None
    if lang:
        s_language = get_object_or_404(Language, code=lang)
        context['language'] = s_language
        # NOTE(review): this replaces, rather than extends, the
        # component/project kwargs set above - confirm that is intended.
        search_kwargs = {'language': s_language}
        if obj:
            if component:
                # NOTE(review): QuerySet.get() raises DoesNotExist when the
                # component has no translation in this language; no handler
                # is visible here.
                context['back_url'] = obj.translation_set.get(
                    language=s_language
                ).get_absolute_url()
            else:
                context['back_url'] = reverse(
                    'project-language',
                    kwargs={
                        'project': project,
                        'lang': lang,
                    }
                )
        else:
            context['back_url'] = s_language.get_absolute_url()

    # is_ratelimited is tested first, so a rate-limited request never
    # validates the form or queries units.
    if not is_ratelimited and request.GET and search_form.is_valid():
        # Filter results by ACL
        if component:
            units = Unit.objects.filter(translation__component=obj)
        elif project:
            units = Unit.objects.filter(translation__component__project=obj)
        else:
            # Site-wide search is restricted to the user's allowed projects.
            allowed_projects = request.user.allowed_projects
            units = Unit.objects.filter(
                translation__component__project__in=allowed_projects
            )
        units = units.search(
            search_form.cleaned_data,
            **search_kwargs
        )
        if lang:
            units = units.filter(
                translation__language=context['language']
            )

        units = get_paginator(request, units)

        context['show_results'] = True
        context['page_obj'] = units
        # NOTE(review): the user's query is placed into the context as-is;
        # escaping is presumably left to the template - confirm search.html
        # does not mark these values safe.
        context['title'] = _('Search for %s') % (
            search_form.cleaned_data['q']
        )
        context['query_string'] = search_form.urlencode()
        context['search_query'] = search_form.cleaned_data['q']
    elif is_ratelimited:
        messages.error(
            request, _('Too many search queries, please try again later.')
        )
    elif request.GET:
        messages.error(request, _('Invalid search query!'))
        show_form_errors(request, search_form)

    return render(
        request,
        'search.html',
        context
    )
コード例 #23
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search can be narrowed to a project, a component and/or a language.
    The 'search' rate limit is consulted first; a rate-limited request gets
    an error message instead of results. The view always renders
    ``search.html``.
    """
    # Called on every request to this view, before the form is validated, so
    # page loads without a query go through the limiter as well.
    is_ratelimited = not check_rate_limit('search', request)
    search_form = SiteSearchForm(request.GET)
    context = {
        'search_form': search_form,
    }
    search_kwargs = {}
    # NOTE(review): access to obj is presumably enforced inside
    # get_component()/get_project(); the unit filters below trust obj.
    if component:
        obj = get_component(request, project, component)
        context['component'] = obj
        context['project'] = obj.project
        context['back_url'] = obj.get_absolute_url()
        search_kwargs = {'component': obj}
    elif project:
        obj = get_project(request, project)
        context['project'] = obj
        context['back_url'] = obj.get_absolute_url()
        search_kwargs = {'project': obj}
    else:
        obj = None
        context['back_url'] = None
    if lang:
        s_language = get_object_or_404(Language, code=lang)
        context['language'] = s_language
        # NOTE(review): this replaces, rather than extends, the
        # component/project kwargs set above - confirm that is intended.
        search_kwargs = {'language': s_language}
        if obj:
            if component:
                # NOTE(review): QuerySet.get() raises DoesNotExist when the
                # component has no translation in this language; no handler
                # is visible here.
                context['back_url'] = obj.translation_set.get(
                    language=s_language).get_absolute_url()
            else:
                context['back_url'] = reverse('project-language',
                                              kwargs={
                                                  'project': project,
                                                  'lang': lang,
                                              })
        else:
            context['back_url'] = s_language.get_absolute_url()

    # is_ratelimited is tested first, so a rate-limited request never
    # validates the form or queries units.
    if not is_ratelimited and request.GET and search_form.is_valid():
        # Filter results by ACL
        if component:
            units = Unit.objects.filter(translation__component=obj)
        elif project:
            units = Unit.objects.filter(translation__component__project=obj)
        else:
            # Site-wide search is restricted to the user's allowed projects.
            allowed_projects = request.user.allowed_projects
            units = Unit.objects.filter(
                translation__component__project__in=allowed_projects)
        units = units.search(search_form.cleaned_data, **search_kwargs)
        if lang:
            units = units.filter(translation__language=context['language'])

        units = get_paginator(request, units)

        context['show_results'] = True
        context['page_obj'] = units
        # NOTE(review): the user's query is placed into the context as-is;
        # escaping is presumably left to the template - confirm search.html
        # does not mark these values safe.
        context['title'] = _('Search for %s') % (search_form.cleaned_data['q'])
        context['query_string'] = search_form.urlencode()
        context['search_query'] = search_form.cleaned_data['q']
    elif is_ratelimited:
        messages.error(request,
                       _('Too many search queries, please try again later.'))
    elif request.GET:
        messages.error(request, _('Invalid search query!'))
        show_form_errors(request, search_form)

    return render(request, 'search.html', context)
コード例 #24
ファイル: search.py プロジェクト: yante/weblate
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search can be narrowed to a project, a component and/or a language.
    The "search" rate limit is consulted first; a rate-limited request gets
    an error message instead of results. The view always renders
    ``search.html``.
    """
    # Called on every request to this view, before the form is validated, so
    # page loads without a query go through the limiter as well.
    is_ratelimited = not check_rate_limit("search", request)
    search_form = SearchForm(request.user, request.GET)
    context = {"search_form": search_form}
    # NOTE(review): access to obj is presumably enforced inside
    # get_component()/get_project(); the unit filters below trust obj.
    if component:
        obj = get_component(request, project, component)
        context["component"] = obj
        context["project"] = obj.project
        context["back_url"] = obj.get_absolute_url()
    elif project:
        obj = get_project(request, project)
        context["project"] = obj
        context["back_url"] = obj.get_absolute_url()
    else:
        obj = None
        context["back_url"] = None
    if lang:
        s_language = get_object_or_404(Language, code=lang)
        context["language"] = s_language
        if obj:
            if component:
                # NOTE(review): QuerySet.get() raises DoesNotExist when the
                # component has no translation in this language; no handler
                # is visible here.
                context["back_url"] = obj.translation_set.get(
                    language=s_language).get_absolute_url()
            else:
                context["back_url"] = reverse("project-language",
                                              kwargs={
                                                  "project": project,
                                                  "lang": lang
                                              })
        else:
            context["back_url"] = s_language.get_absolute_url()

    # is_ratelimited is tested first, so a rate-limited request never
    # validates the form or queries units.
    if not is_ratelimited and request.GET and search_form.is_valid():
        # Filter results by ACL
        if component:
            units = Unit.objects.filter(translation__component=obj)
        elif project:
            units = Unit.objects.filter(translation__component__project=obj)
        else:
            # Site-wide search is restricted to the user's allowed project ids.
            units = Unit.objects.filter(
                translation__component__project_id__in=request.user.
                allowed_project_ids)
        units = units.search(search_form.cleaned_data.get("q", "")).distinct()
        if lang:
            units = units.filter(translation__language=context["language"])

        units = get_paginator(request, units.order())

        context["show_results"] = True
        context["page_obj"] = units
        # NOTE(review): the user's query is placed into the context as-is;
        # escaping is presumably left to the template - confirm search.html
        # does not mark these values safe.
        context["title"] = _("Search for %s") % (search_form.cleaned_data["q"])
        context["query_string"] = search_form.urlencode()
        context["search_query"] = search_form.cleaned_data["q"]
    elif is_ratelimited:
        messages.error(request,
                       _("Too many search queries, please try again later."))
    elif request.GET:
        messages.error(request, _("Invalid search query!"))
        show_form_errors(request, search_form)

    return render(request, "search.html", context)
コード例 #25
ファイル: search.py プロジェクト: roptat/weblate
def search(request, project=None, component=None, lang=None):
    """Perform site-wide search on units.

    The search can be narrowed to a project, a component and/or a language.
    The "search" rate limit is consulted first; a rate-limited request gets
    an error message instead of results. The view always renders
    ``search.html``.
    """
    # Called on every request to this view, before the form is validated, so
    # page loads without a query go through the limiter as well.
    is_ratelimited = not check_rate_limit("search", request)
    search_form = SearchForm(user=request.user, data=request.GET)
    sort = get_sort_name(request)
    context = {"search_form": search_form}
    # NOTE(review): access to obj is presumably enforced inside
    # get_component()/get_project(); the unit filters below trust obj.
    if component:
        obj = get_component(request, project, component)
        context["component"] = obj
        context["project"] = obj.project
        context["back_url"] = obj.get_absolute_url()
    elif project:
        obj = get_project(request, project)
        context["project"] = obj
        context["back_url"] = obj.get_absolute_url()
    else:
        obj = None
        context["back_url"] = None
    if lang:
        s_language = get_object_or_404(Language, code=lang)
        context["language"] = s_language
        if obj:
            if component:
                # NOTE(review): QuerySet.get() raises DoesNotExist when the
                # component has no translation in this language; no handler
                # is visible here.
                context["back_url"] = obj.translation_set.get(
                    language=s_language).get_absolute_url()
            else:
                context["back_url"] = reverse("project-language",
                                              kwargs={
                                                  "project": project,
                                                  "lang": lang
                                              })
        else:
            context["back_url"] = s_language.get_absolute_url()

    # is_ratelimited is tested first, so a rate-limited request never
    # validates the form or queries units.
    if not is_ratelimited and request.GET and search_form.is_valid():
        # This is ugly way to hide query builder when showing results
        search_form = SearchForm(user=request.user,
                                 data=request.GET,
                                 show_builder=False)
        # Validate the rebuilt form so cleaned_data is populated; the result
        # is not checked because the same data passed validation just above.
        search_form.is_valid()
        # Filter results by ACL
        units = Unit.objects.prefetch_full().prefetch()
        if component:
            units = units.filter(translation__component=obj)
        elif project:
            units = units.filter(translation__component__project=obj)
        else:
            # Site-wide search is restricted through filter_access() for
            # the requesting user.
            units = units.filter_access(request.user)
        units = units.search(search_form.cleaned_data.get("q", ""),
                             project=context.get("project")).distinct()
        if lang:
            units = units.filter(translation__language=context["language"])

        units = get_paginator(request,
                              units.order_by_request(search_form.cleaned_data))
        # Rebuild context from scratch here to get new form
        # NOTE(review): the rebuilt context drops the component, project,
        # language and back_url keys set earlier - confirm the results
        # template does not need them. The user's query is also placed in
        # the context as-is; escaping is presumably left to the template.
        context = {
            "search_form": search_form,
            "show_results": True,
            "page_obj": units,
            "title": _("Search for %s") % (search_form.cleaned_data["q"]),
            "query_string": search_form.urlencode(),
            "search_query": search_form.cleaned_data["q"],
            "search_items": search_form.items(),
            "filter_name": search_form.get_name(),
            "sort_name": sort["name"],
            "sort_query": sort["query"],
        }
    elif is_ratelimited:
        messages.error(request,
                       _("Too many search queries, please try again later."))
    elif request.GET:
        messages.error(request, _("Invalid search query!"))
        show_form_errors(request, search_form)

    return render(request, "search.html", context)