romain
-
-
desktop/core/src/desktop/auth/views.py (Diff revision 1) I think we should delete the key on success if there is one?
-
desktop/core/src/desktop/auth/views.py (Diff revision 1) Are we showing back something to the user? a 301 could be nice that way navigator can catch it?
HUE-2014 [core] Lock Hue for nth failed log-in attempts for a user
Review Request #4260 — Created March 18, 2014 and updated
| Information | |
|---|---|
| abec | |
| old-hue-rw | |
| HUE-2014 | |
| Reviewers | |
| hue | |
| enricoberti, romain | |
commit 000f45f888bd81698d55b3940c8729fab338b223
Author: Abraham Elmahrek <abraham@elmahrek.com>
Date: Tue Mar 4 14:02:25 2014 -0800
HUE-2014 [core] Lock Hue for nth failed log-in attempts for a user
Lock users out after 'nth' attempt per username per session.
This means that every new user will have 'n' attempts per username.
Provide a switch for locking superusers out.
:100644 100644 7e2d1a1... 76cee4c... M desktop/conf.dist/hue.ini
:100644 100644 58ab0ec... 12666ed... M desktop/conf/pseudo-distributed.ini.tmpl
:100644 100644 6d82d7f... 91505e8... M desktop/core/src/desktop/auth/views.py
:100644 100644 0c56c6c... af5756e... M desktop/core/src/desktop/auth/views_test.py
:100644 100644 336713e... cf204ed... M desktop/core/src/desktop/conf.py
Provided new tests to verify this.
-
-
desktop/core/src/desktop/auth/forms.py (Diff revision 2) I was looking at some middlewares or apps that provide do this, in the logic they also check for the IP that way I can't have you blocked if I know your username. Do we do something like that (ideally stick to one anonymous session by user)? e.g. https://www.djangopackages.com/grids/g/security/
-
desktop/core/src/desktop/templates/login.mako (Diff revision 2) Do we still display that if needed? (the login page is getting complicated)