mirror of
https://github.com/Mailu/Mailu.git
synced 2025-04-21 12:07:02 +02:00
Make it happen post-deduplication
parent
21ed7b69a8
commit
5a55d1824e
@ -71,12 +71,12 @@ class LimitWraperFactory(object):
|
|||||||
def rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None, password=''):
|
def rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None, password=''):
|
||||||
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')
|
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')
|
||||||
if self.is_subject_to_rate_limits(ip):
|
if self.is_subject_to_rate_limits(ip):
|
||||||
self.rate_limit_ip(ip, username)
|
|
||||||
truncated_password = hmac.new(bytearray(username, 'utf-8'), bytearray(password, 'utf-8'), 'sha256').hexdigest()[-6:]
|
truncated_password = hmac.new(bytearray(username, 'utf-8'), bytearray(password, 'utf-8'), 'sha256').hexdigest()[-6:]
|
||||||
if password and (self.storage.get(f'dedup2-{username}-{truncated_password}') > 0):
|
if password and (self.storage.get(f'dedup2-{username}-{truncated_password}') > 0):
|
||||||
return
|
return
|
||||||
self.storage.incr(f'dedup2-{username}-{truncated_password}', limits.parse(app.config['AUTH_RATELIMIT_USER']).GRANULARITY.seconds, True)
|
self.storage.incr(f'dedup2-{username}-{truncated_password}', limits.parse(app.config['AUTH_RATELIMIT_USER']).GRANULARITY.seconds, True)
|
||||||
limiter.hit(device_cookie if device_cookie_name == username else username)
|
limiter.hit(device_cookie if device_cookie_name == username else username)
|
||||||
|
self.rate_limit_ip(ip, username)
|
||||||
|
|
||||||
""" Device cookies as described on:
|
""" Device cookies as described on:
|
||||||
https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies
|
https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies
|
||||||
|
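Review bot: The `truncated_password` value in `rate_limit_user` is 24 bits of an HMAC keyed with the username, which is a public value, so every `dedup2-{username}-…` entry is a partial fingerprint of an attempted password that anyone able to read the rate-limit storage could check candidates against offline. Failed attempts are often near-misses of the real password. Keying the digest with a server-side secret and moving the username into the message would close this, e.g. `hmac.new(dedup_secret, bytearray(f'{username}\x00{password}', 'utf-8'), 'sha256')`, where `dedup_secret` is a placeholder for a key the application already holds. Separately, the moved `self.rate_limit_ip(ip, username)` call deserves a comment recording the presumed intent, such as `# counted after the dedup return so retries of one wrong password do not consume the IP limit`. Indentation is lost in this rendering, so the nesting of these lines under the `if` is inferred.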