def test_ratelimit(self):
    """Exercise ``ratelimit`` on a fresh bucket allowing 20 hits per 20 seconds.

    The very first hit must report 19 remaining and the full 20-second
    expiry.  The bucket is then drained with 18 more hits (19 in total) and
    the following call is expected to raise ``LimitExceeded``.  The values
    returned by the intermediate hits are deliberately not asserted.

    NOTE(review): with ``count=20`` this pins the *20th* call as the one
    that is rejected, i.e. only 19 successful hits per window — confirm that
    is the intended semantics of ``ratelimit`` rather than an off-by-one.
    """
    bucket, allowance, window = 'test:ratelimit', 20, 20

    first_remaining, first_expires = ratelimit(bucket, allowance, window)
    assert first_remaining == 19
    assert first_expires == 20

    # Burn through the rest of the allowance (19 hits so far).
    for _ in range(18):
        ratelimit(bucket, allowance, window)

    # The next hit must be refused.
    with self.assertRaises(LimitExceeded):
        ratelimit(bucket, allowance, window)
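def login_session():
    """Log a user in (any method but DELETE) or out (DELETE) of the session.

    DELETE: ends the session via ``UserSession.logout``; ``204`` on success,
    ``400`` with ``{"status": "error"}`` otherwise.

    Otherwise the credentials come from ``parse_auth_headers`` when the
    request mimetype is ``application/json``, or from the ``username`` /
    ``password`` form fields.  Missing credentials are rejected with ``400``
    before any rate-limit bucket is touched, so empty submissions do not
    consume attempts.

    Two brute-force limits are applied *before* the account lookup and the
    password check:

      * 5 attempts per (username, client address) per hour
      * 60 attempts per client address per hour, regardless of username

    ``ratelimit`` raises ``LimitExceeded`` (handled elsewhere) when either
    bucket is exhausted.  Both limits key on ``request.remote_addr``; behind
    a reverse proxy make sure that reflects the real client, otherwise the
    per-address bucket is shared by everyone behind the proxy and trivially
    evaded by whoever controls the forwarded headers.

    The account is looked up by e-mail when ``username`` contains ``@``,
    otherwise by username.  A failed lookup or password check is delegated
    to ``handle_login_failed``.

    On success the session is created (``permanent`` read from the JSON
    body, default ``False``) and the user is returned with ``201``.

    Returns:
        A Flask-style ``(response, status)`` tuple.
    """
    if request.method == 'DELETE':
        if UserSession.logout():
            return '', 204
        return jsonify(status='error'), 400

    if request.mimetype == 'application/json':
        username, password = parse_auth_headers()
    else:
        # request.form is a MultiDict: attribute access (``request.form.username``)
        # raises AttributeError, so use ``.get`` and let the check below reject
        # a missing or empty value.
        username = request.form.get('username')
        password = request.form.get('password')

    if not username or not password:
        return jsonify(
            status='error',
            error_code='missing_required_field',
            error_description='Username and password are required.'
        ), 400

    # Brute-force protection, applied before any lookup/hash work so an
    # attacker cannot burn CPU or probe accounts past the limit.
    # NOTE(review): ``username`` is attacker-controlled and embedded verbatim
    # in the bucket key; if ``User.cache`` lookups are case-insensitive,
    # normalise it (e.g. casefold/strip) here too, or case variants each get
    # a fresh per-user bucket.  Not visible from this block — confirm.
    # can only try login a user 5 times per hour from one address ...
    ratelimit('limit:login:{0}:{1}'.format(username, request.remote_addr), 5, 3600)
    # ... and 60 login attempts per hour per address in total.
    ratelimit('limit:login:{0}'.format(request.remote_addr), 60, 3600)

    if '@' in username:
        user = User.cache.filter_first(email=username)
    else:
        user = User.cache.filter_first(username=username)

    # NOTE(review): the short-circuit skips the (slow) password hash for
    # unknown accounts, so response timing leaks whether an account exists.
    # If that matters, run ``check_password`` against a dummy hash when
    # ``user`` is None; the hasher is not visible here, so left as is.
    if not user or not user.check_password(password):
        return handle_login_failed(username, user)

    # ``get_json`` returns None (or, on newer Flask, raises 415) for the
    # non-JSON form branch above, and a JSON body need not be an object;
    # either would otherwise fail on ``.get`` with a 500 after a *successful*
    # password check.  Credentials are already verified at this point, so an
    # unparsable body only costs the ``permanent`` flag.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    permanent = data.get('permanent', False)
    UserSession.login(user, permanent)
    return jsonify(user), 201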
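def login_session():
    """Log a user in (any method but DELETE) or out (DELETE) of the session.

    DELETE: ends the session via ``UserSession.logout``; ``204`` on success,
    ``400`` with ``{"status": "error"}`` otherwise.

    Otherwise the credentials come from ``parse_auth_headers`` when the
    request mimetype is ``application/json``, or from the ``username`` /
    ``password`` form fields.  Missing credentials are rejected with ``400``
    before any rate-limit bucket is touched, so empty submissions do not
    consume attempts.

    Two brute-force limits are applied *before* the account lookup and the
    password check:

      * 5 attempts per (username, client address) per hour
      * 60 attempts per client address per hour, regardless of username

    ``ratelimit`` raises ``LimitExceeded`` (handled elsewhere) when either
    bucket is exhausted.  Both limits key on ``request.remote_addr``; behind
    a reverse proxy make sure that reflects the real client, otherwise the
    per-address bucket is shared by everyone behind the proxy and trivially
    evaded by whoever controls the forwarded headers.

    The account is looked up by e-mail when ``username`` contains ``@``,
    otherwise by username.  A failed lookup or password check is delegated
    to ``handle_login_failed``.

    On success the session is created (``permanent`` read from the JSON
    body, default ``False``) and the user is returned with ``201``.

    Returns:
        A Flask-style ``(response, status)`` tuple.
    """
    if request.method == 'DELETE':
        if UserSession.logout():
            return '', 204
        return jsonify(status='error'), 400

    if request.mimetype == 'application/json':
        username, password = parse_auth_headers()
    else:
        # request.form is a MultiDict: attribute access (``request.form.username``)
        # raises AttributeError, so use ``.get`` and let the check below reject
        # a missing or empty value.
        username = request.form.get('username')
        password = request.form.get('password')

    if not username or not password:
        return jsonify(
            status='error',
            error_code='missing_required_field',
            error_description='Username and password are required.'), 400

    # Brute-force protection, applied before any lookup/hash work so an
    # attacker cannot burn CPU or probe accounts past the limit.
    # NOTE(review): ``username`` is attacker-controlled and embedded verbatim
    # in the bucket key; if ``User.cache`` lookups are case-insensitive,
    # normalise it (e.g. casefold/strip) here too, or case variants each get
    # a fresh per-user bucket.  Not visible from this block — confirm.
    # can only try login a user 5 times per hour from one address ...
    ratelimit('limit:login:{0}:{1}'.format(username, request.remote_addr), 5, 3600)
    # ... and 60 login attempts per hour per address in total.
    ratelimit('limit:login:{0}'.format(request.remote_addr), 60, 3600)

    if '@' in username:
        user = User.cache.filter_first(email=username)
    else:
        user = User.cache.filter_first(username=username)

    # NOTE(review): the short-circuit skips the (slow) password hash for
    # unknown accounts, so response timing leaks whether an account exists.
    # If that matters, run ``check_password`` against a dummy hash when
    # ``user`` is None; the hasher is not visible here, so left as is.
    if not user or not user.check_password(password):
        return handle_login_failed(username, user)

    # ``get_json`` returns None (or, on newer Flask, raises 415) for the
    # non-JSON form branch above, and a JSON body need not be an object;
    # either would otherwise fail on ``.get`` with a 500 after a *successful*
    # password check.  Credentials are already verified at this point, so an
    # unparsable body only costs the ``permanent`` flag.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    permanent = data.get('permanent', False)
    UserSession.login(user, permanent)
    return jsonify(user), 201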
def oauth_ratelimit(login, scopes):
    """Apply the OAuth rate limit for ``login``/``scopes`` and record it on ``request``.

    ``oauth_limit_params`` supplies the bucket key, the allowed count and the
    window duration for this principal; ``ratelimit`` consumes one hit and
    returns ``(remaining, expires)``, which is stored on the request object as
    ``_rate_remaining`` / ``_rate_expires`` (presumably picked up later when
    the response's rate-limit headers are built — confirm against the caller).

    Raises whatever ``ratelimit`` raises when the bucket is exhausted
    (``LimitExceeded`` elsewhere in this file); nothing is recorded in that case.
    """
    bucket, allowance, window = oauth_limit_params(login, scopes)
    remaining, expires = ratelimit(bucket, allowance, window)
    request._rate_remaining = remaining
    request._rate_expires = expires