#435: Identity should monitor login attempts and prevent locked users from
logging in
-------------------------------+--------------------------------------------
Reporter: ksenia | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 1.x
Component: Identity | Version:
Severity: normal | Resolution:
Keywords: login locked user |
-------------------------------+--------------------------------------------
Comment (by Gustavo):
Replying to [comment:5 jorge.vargas]:
> for tg2 this should be a repoze.who plugin, which should be reported in
> this trac.
I'd say it'd be so application-specific that it wouldn't be worth trying to
deal with that in the form of a ''generic'' attempt, either in a new
repoze.who plugin or inside TG2 itself. First of all, the meaning of
"banned user" may differ greatly from one application to another, as well
as the way to identify them. Therefore if it was a feature request for TG2
I'd most probably mark it as wontfix.
For example, in a rather simple situation (too simple to be true) where
there's a "banned" attribute in the User model to tell if the user has
been banned and if you were using the repoze.who SQLAlchemy authenticator
plugin, you would subclass it as:
{{{
from repoze.who.plugins.sa import SQLAlchemyAuthenticatorPlugin


class MyBanningAwareAuthenticator(SQLAlchemyAuthenticatorPlugin):
    def authenticate(self, environ, identity):
        # Let the stock plugin check the credentials first.
        userid = super(MyBanningAwareAuthenticator,
                       self).authenticate(environ, identity)
        user = identity.get('user')
        # Returning None (implicitly, when banned) tells repoze.who that
        # authentication failed.
        if user and not user.banned:
            return userid
}}}
That'd be all the code you'd need to prevent banned users from logging in
in TG2 with repoze.who. But wait, what if the user got banned because of
many failed login attempts (from somebody else) and now *she* (the real
user) does want to log in? Well, this is your way of handling that
situation, so it's up to you to handle the other aspects involved. And of
course, it'd be specific to your application (what are the actions that
ban users? how can they get unbanned? that's all app-specific).
> for tg1 it is still a valid feature request
In my opinion, it should be implemented on a per application basis, even
in TG1.
--
Ticket URL: <http://trac.turbogears.org/ticket/435#comment:6>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
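
The comment above leaves open what bans a user and how the real user gets back in after someone else's failed attempts. The following is an added example, not code from this ticket, TurboGears or repoze.who, showing one possible application-specific policy: a lock that is triggered by repeated failures and expires on its own. `LoginAttemptMonitor`, `check_credentials` and the threshold values are hypothetical names and assumptions.

```python
import time


class LoginAttemptMonitor:
    """Counts failed logins per user id and applies a time-limited lock."""

    def __init__(self, max_failures=5, window=300, lock_seconds=900,
                 clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside `window`
        self.window = window              # seconds a failure stays relevant
        self.lock_seconds = lock_seconds  # how long a lock lasts
        self.clock = clock                # injectable so tests can control time
        self._failures = {}               # userid -> failure timestamps
        self._locked_until = {}           # userid -> time the lock expires

    def is_locked(self, userid):
        until = self._locked_until.get(userid)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: the real user can log in again without an admin.
            del self._locked_until[userid]
            self._failures.pop(userid, None)
            return False
        return True

    def record_failure(self, userid):
        now = self.clock()
        # Keep only failures that are still inside the sliding window.
        recent = [t for t in self._failures.get(userid, [])
                  if now - t < self.window]
        recent.append(now)
        self._failures[userid] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[userid] = now + self.lock_seconds

    def authenticate(self, userid, password, check_credentials):
        """Return userid on success, None on failure or while locked."""
        if self.is_locked(userid):
            return None  # refused before the password is even checked
        if check_credentials(userid, password):
            self._failures.pop(userid, None)  # success resets the counter
            return userid
        self.record_failure(userid)
        return None
```

While the lock is active even the correct password is refused, which is exactly the trade-off the comment describes; the expiry time is this example's answer to "how can they get unbanned?".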