[web2py] Re: Failed login attempt lockout

Wed, 22 Apr 2015 18:53:09 -0700 

pardon me, still not understood what do you mean with the cache. on my 
example above yet, i still not sure which one to use, yet your hints, quite 
clear about database. thank you anthony.
*e.g. work fine*
*models/db.py*
auth = Auth(db)

auth.settings.extra_fields['auth_user']= [
  Field('Attempts', 'integer') ]

auth.define_tables(username=True, signature=False)

def login_attempts(form):
username = request.vars.username
row = db((db.auth_user.username == username ) ).select().first()
if row is not None:
db(db.auth_user.id == row.id).update(Attempts = row.Attempts + 1)
db.auth_event.insert(time_stamp = request.now, 
 client_ip = request.client, 
 user_id = row.id, 
 origin = '%s/%s' % (request.controller, 
 request.function), 
 description = '%s login failed' % (row.username) )
if row.Attempts >= 3:
redirect(URL('default', 'test') )
else:
redirect(URL('default', 'user/login') )

auth.settings.login_onfail.append(login_attempts)

but when tried to combine with cache and banned ip it's not work (no errors 
occured but the result is not expected)
*e.g. same code like above just a modification on if conditional*
if row.Attempts >= 3:
#BAN_IP_TIME = 60 * 60 * 24 # 1 day
BAN_IP_TIME = 10
ban_key = request.client + 'ban'
if cache.ram(ban_key, lambda: False, BAN_IP_TIME):
raise HTTP(429, 'IP blocked')                                               
                                            

# maximum number of fast requests allowed before banned
MAX_REQUESTS = 3 
request_key = request.client + 'requests'
cache.ram(request_key, lambda: 0, 1)
if cache.ram.increment(request_key) > MAX_REQUESTS:
cache.ram(ban_key, lambda: True, BAN_IP_TIME)
redirect(URL('default', 'test') )

ref:
https://groups.google.com/forum/#!searchin/web2py/Hi$2C$20Is$20there$20a$20way$20to$20block$20ip$20address$20if$20there$20are$20more$20no$20of$20requests$20from$20the$20same$20ip$20address%7Csort:relevance/web2py/5OIz8Quu6KY/1JyItKwpsE8J

any idea how to achieve it using web2py?

thanks and best regards,
stifan

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to