
My goal is to implement some solution for limiting login attempts for a large Django site. This is the template error that is being returned when I attempt to log in with correct or incorrect credentials. I'm using the django-rate-limit module:

http://django-ratelimit-backend.readthedocs.org/en/latest/usage.html.


<!-- BEGIN LOGIN FORM -->
<form class="login-form" action="{% url 'ratelimitbackend.views.login' %}" method="post">{% csrf_token %}
    <h3 class="form-title">Sign in to your account!</h3>
    <div class="alert alert-danger display-hide">
        <button class="close" data-close="alert"></button>
        <span>
            Sorry. Your username and/or password is invalid. Please try again.
        </span>
    </div>
    <div class="form-group">
        <!--ie8, ie9 does not support html5 placeholder, so we just show field title for that-->
        <label class="control-label visible-ie8 visible-ie9">Username</label>
        <div class="input-icon">
            <i class="fa fa-user"></i>
            <input class="form-control placeholder-no-fix" type="text" autocomplete="off" placeholder="Username" name="username"/>
        </div>
    </div>
    <div class="form-group">
        <label class="control-label visible-ie8 visible-ie9">Password</label>
        <div class="input-icon">
            <i class="fa fa-lock"></i>
            <input class="form-control placeholder-no-fix" type="password" autocomplete="off" placeholder="Password" name="password"/>
        </div>
    </div>
    <div class="form-actions">
        <label class="checkbox">
        <input type="checkbox" name="remember" value="1"/> Remember me </label>
        <button type="submit" class="btn propagreen pull-right">
        Login <i class="m-icon-swapright m-icon-white"></i>
        </button>
    </div>
    <!-- <div class="login-options">
        <h4>Or login with</h4>
        <ul class="social-icons">
            <li>
                <a class="facebook" data-original-title="facebook" href="#">
                </a>
            </li>
            <li>
                <a class="twitter" data-original-title="Twitter" href="#">
                </a>
            </li>
            <li>
                <a class="googleplus" data-original-title="Google Plus" href="#">
                </a>
            </li>
            <li>
                <a class="linkedin" data-original-title="Linkedin" href="#">
                </a>
            </li>
        </ul>
    </div> -->
    <div class="forget-password">
        <h4>Forgot your password ?</h4>
        <p>
             No worries! Click
            <a href="../../user/password/reset" id="forget-password">
                 here
            </a>
             to reset your password.
        </p>
    </div>
</form>
<!-- END LOGIN FORM -->

I include the middleware that rate-limit requires in settings.py:

('ratelimitbackend.middleware.RateLimitMiddleware',)

I have the urls.py configured as such:

from ratelimitbackend import admin
admin.autodiscover()



For those interested, I ended up completely ditching django-ratelimit altogether as it wasn't suitable, because the authentication I was using was highly custom and not a great fit.

The solution involved creating a new model for LoginAttempts, with a foreign key to the user. Then I added a signal handler to detect a login failure, which in Django 1.5 is

user_login_failed()

From there, just populate the LoginAttempts table and set a limit in your settings.py to something like 15. Once the user has signed out, go ahead and reset the login attempts to 0. It's not the most elegant solution, but it works, and it doesn't require any advanced configuration if you're using a custom authentication system like myself.

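The procedure this answer describes, written out as an added example rather than the poster's code: a per-user failed-attempt counter fed by a `user_login_failed` receiver, reset when the user signs out, and consulted before a password is checked. An in-memory dict stands in for the LoginAttempts model, the names `MAX_LOGIN_ATTEMPTS` and `LOCKOUT_WINDOW` are assumed, and the expiry window goes beyond the answer so that a lockout is not permanent.

```python
# Added example modelled on the answer above, not the poster's code. An in-memory
# dict stands in for the LoginAttempts model; the constant names are assumed.
import time
from collections import defaultdict

MAX_LOGIN_ATTEMPTS = 15   # the limit the answer suggests keeping in settings.py
LOCKOUT_WINDOW = 15 * 60  # seconds; failures older than this stop counting
_failures = defaultdict(list)   # username -> failure timestamps

def _prune(username, now):
    """Drop failures outside the window so a lockout eventually expires."""
    cutoff = now - LOCKOUT_WINDOW
    _failures[username] = [t for t in _failures[username] if t > cutoff]
    return _failures[username]

def record_failure(username, now=None):
    """Store one failed attempt; returns the number of live failures."""
    now = time.time() if now is None else now
    attempts = _prune(username, now)
    attempts.append(now)
    return len(attempts)

def is_locked_out(username, now=None):
    """True once the user has reached the limit inside the window."""
    now = time.time() if now is None else now
    return len(_prune(username, now)) >= MAX_LOGIN_ATTEMPTS

def reset_attempts(username):
    """The answer's 'reset the login attempts to 0' step."""
    _failures.pop(username, None)

def on_login_failed(sender, credentials, **kwargs):
    # Receiver for user_login_failed. Django hands over the rejected credentials
    # dict, password included, so only the username is read from it and stored.
    username = credentials.get("username")
    if username:
        record_failure(username)

def on_logged_out(sender, request, user, **kwargs):
    # Receiver for user_logged_out; user is None for an anonymous session.
    if user is not None:
        reset_attempts(user.get_username())
# Connect the receivers when Django is importable; the functions work stand-alone too.
try:
    from django.contrib.auth.signals import user_login_failed, user_logged_out
    user_login_failed.connect(on_login_failed)
    user_logged_out.connect(on_logged_out)
except ImportError:
    pass
```

The login view calls `is_locked_out(username)` before `authenticate()`; Django 1.5 sends the signal with `sender` and `credentials` only, and the `request` argument later versions add is absorbed by `**kwargs`.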