-
-
desktop/core/src/desktop/auth/views.py (Diff revision 1) I think we should delete the key on success if there is one?
-
desktop/core/src/desktop/auth/views.py (Diff revision 1) Are we showing back something to the user? a 301 could be nice that way navigator can catch it?
HUE-2014 [core] Lock Hue for nth failed log-in attempts for a user
Review Request #4260 — Created March 18, 2014 and updated
Information | |
---|---|
abec | |
old-hue-rw | |
HUE-2014 | |
Reviewers | |
hue | |
enricoberti, romain |
commit 000f45f888bd81698d55b3940c8729fab338b223 Author: Abraham Elmahrek <abraham@elmahrek.com> Date: Tue Mar 4 14:02:25 2014 -0800 HUE-2014 [core] Lock Hue for nth failed log-in attempts for a user Lock users out after 'nth' attempt per username per session. This means that every new user will have 'n' attempts per username. Provide a switch for locking superusers out. :100644 100644 7e2d1a1... 76cee4c... M desktop/conf.dist/hue.ini :100644 100644 58ab0ec... 12666ed... M desktop/conf/pseudo-distributed.ini.tmpl :100644 100644 6d82d7f... 91505e8... M desktop/core/src/desktop/auth/views.py :100644 100644 0c56c6c... af5756e... M desktop/core/src/desktop/auth/views_test.py :100644 100644 336713e... cf204ed... M desktop/core/src/desktop/conf.py
Provided new tests to verify this.
-
-
desktop/core/src/desktop/auth/forms.py (Diff revision 2) I was looking at some middlewares or apps that provide do this, in the logic they also check for the IP that way I can't have you blocked if I know your username. Do we do something like that (ideally stick to one anonymous session by user)? e.g. https://www.djangopackages.com/grids/g/security/
-
desktop/core/src/desktop/templates/login.mako (Diff revision 2) Do we still display that if needed? (the login page is getting complicated)