HUE-2014 [core] Lock Hue for nth failed log-in attempts for a user
Review Request #4260 — Created March 18, 2014 and updated
commit 000f45f888bd81698d55b3940c8729fab338b223 Author: Abraham Elmahrek <firstname.lastname@example.org> Date: Tue Mar 4 14:02:25 2014 -0800 HUE-2014 [core] Lock Hue for nth failed log-in attempts for a user Lock users out after 'nth' attempt per username per session. This means that every new user will have 'n' attempts per username. Provide a switch for locking superusers out. :100644 100644 7e2d1a1... 76cee4c... M desktop/conf.dist/hue.ini :100644 100644 58ab0ec... 12666ed... M desktop/conf/pseudo-distributed.ini.tmpl :100644 100644 6d82d7f... 91505e8... M desktop/core/src/desktop/auth/views.py :100644 100644 0c56c6c... af5756e... M desktop/core/src/desktop/auth/views_test.py :100644 100644 336713e... cf204ed... M desktop/core/src/desktop/conf.py
Provided new tests to verify this.
Revision 2 (+205 -55)
I was looking at some middlewares or apps that provide do this, in the logic they also check for the IP that way I can't have you blocked if I know your username. Do we do something like that (ideally stick to one anonymous session by user)? e.g. https://www.djangopackages.com/grids/g/security/
Do we still display that if needed? (the login page is getting complicated)