Exemplos de log_last_login_attempt em Python

Linguagem de programação: Python

Espaço para nome / nome do pacote: bitsd.persistence.query

Método / Função: log_last_login_attempt

Exemplos em hotexamples.com: 2

log_last_login_attempt em Python - 2 exemplos encontrados. Esses são os exemplos do mundo real mais bem avaliados de bitsd.persistence.query.log_last_login_attempt em Python extraídos de projetos de código aberto. Você pode avaliar os exemplos para nos ajudar a melhorar a qualidade deles.

Relacionados

extract_page_urls

Signature

identity_mapping

HistoryViewer

AddAttractionForm

install_ssh_key

read_sparse

create_local_srs

LogReader

ExtraTreesRegressor

Related in langs

template_title (PHP)

CentroMedico (PHP)

BlockTags (C#)

BattleEndCondition (C#)

uregex_group (C++)

db_strlcpy (C++)

ParseConfig (Go)

ClearDepth (Go)

KmlPosition (Java)

ListCellRenderer (Java)

Exemplo n.º 1

0

Exibir arquivo

Arquivo: auth.py Projeto: BitsDevelopmentTeam/bits-server

def detect_dos(attempt, timeout): if solved_captcha: return False # Otherwise, check timing if attempt is not None: too_quick = (now - attempt.timestamp) < timeout if too_quick: log_last_login_attempt(session, ip_address, username) return True else: # Clean up if no more relevant session.delete(attempt) return False

Exemplo n.º 2

0

Exibir arquivo

Arquivo: auth.py Projeto: BitsDevelopmentTeam/bits-server

def verify(session, username, supplied_password, ip_address, has_captcha, recaptcha_challenge, recaptcha_response): """Verify user credentials. If the username exists, then the supplied password is hashed and compared with the stored hash. Otherwise, an hash is calculated and discarded. An hash is calculated regardless of the existence of the username, so that the response time is approximately the same whether the username exists or not, mitigating a timing attack to reveal valid usernames. In order to mitigate DoS/bruteforce attacks, two temporal limitations are enforced: 1. Max 1 failed login attempt per IP address each second (regardless of username) 2. Max 1 failed login attempt per each username per IP address each `min_log_retry` seconds (see bitsd.properties), whether the username exists or not. A DoS protection is necessary because password hashing is an expensive operation. """ if has_captcha: solved_captcha = ReCaptcha.is_solution_correct(recaptcha_response, recaptcha_challenge, ip_address) # Exit immediately if wrong answer if not solved_captcha: return False else: solved_captcha = False # Save "now" so that the two timestamp checks are referred to the same instant now = datetime.now() def detect_dos(attempt, timeout): if solved_captcha: return False # Otherwise, check timing if attempt is not None: too_quick = (now - attempt.timestamp) < timeout if too_quick: log_last_login_attempt(session, ip_address, username) return True else: # Clean up if no more relevant session.delete(attempt) return False last_attempt_for_ip = get_last_login_attempt(session, ip_address) last_attempt_for_ip_and_username = get_last_login_attempt(session, ip_address, username) if detect_dos(last_attempt_for_ip, timedelta(seconds=1)): raise DoSError("Too frequent requests from {}".format(ip_address)) if detect_dos(last_attempt_for_ip_and_username, timedelta(seconds=options.min_login_retry)): raise DoSError("Too frequent attempts from {} for username {}".format(ip_address, username)) user = get_user(session, username) if user is None: LOG.warn("Failed attempt for non existent user %r", username) # Calculate hash anyway (see docs for the explanation) Hasher.encrypt(supplied_password) log_last_login_attempt(session, ip_address, username) return False else: valid = Hasher.verify(supplied_password, user.password) if not valid: log_last_login_attempt(session, ip_address, username) return valid