remove g.deduct_limit in api auth endpoint
parent
0931642d11
commit
a662ef4aee
|
@ -3,7 +3,7 @@ import random
|
||||||
import facebook
|
import facebook
|
||||||
import google.oauth2.credentials
|
import google.oauth2.credentials
|
||||||
import googleapiclient.discovery
|
import googleapiclient.discovery
|
||||||
from flask import jsonify, request, g
|
from flask import jsonify, request
|
||||||
from flask_login import login_user
|
from flask_login import login_user
|
||||||
from itsdangerous import Signer
|
from itsdangerous import Signer
|
||||||
|
|
||||||
|
@ -25,9 +25,7 @@ from app.utils import sanitize_email
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/login", methods=["POST"])
|
@api_bp.route("/auth/login", methods=["POST"])
|
||||||
@limiter.limit(
|
@limiter.limit("10/minute")
|
||||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
|
||||||
)
|
|
||||||
def auth_login():
|
def auth_login():
|
||||||
"""
|
"""
|
||||||
Authenticate user
|
Authenticate user
|
||||||
|
@ -56,8 +54,6 @@ def auth_login():
|
||||||
user = User.filter_by(email=email).first()
|
user = User.filter_by(email=email).first()
|
||||||
|
|
||||||
if not user or not user.check_password(password):
|
if not user or not user.check_password(password):
|
||||||
# Trigger rate limiter
|
|
||||||
g.deduct_limit = True
|
|
||||||
return jsonify(error="Email or password incorrect"), 400
|
return jsonify(error="Email or password incorrect"), 400
|
||||||
elif user.disabled:
|
elif user.disabled:
|
||||||
return jsonify(error="Account disabled"), 400
|
return jsonify(error="Account disabled"), 400
|
||||||
|
@ -72,9 +68,7 @@ def auth_login():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/register", methods=["POST"])
|
@api_bp.route("/auth/register", methods=["POST"])
|
||||||
@limiter.limit(
|
@limiter.limit("10/minute")
|
||||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
|
||||||
)
|
|
||||||
def auth_register():
|
def auth_register():
|
||||||
"""
|
"""
|
||||||
User signs up - will need to activate their account with an activation code.
|
User signs up - will need to activate their account with an activation code.
|
||||||
|
@ -123,9 +117,7 @@ def auth_register():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/activate", methods=["POST"])
|
@api_bp.route("/auth/activate", methods=["POST"])
|
||||||
@limiter.limit(
|
@limiter.limit("10/minute")
|
||||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
|
||||||
)
|
|
||||||
def auth_activate():
|
def auth_activate():
|
||||||
"""
|
"""
|
||||||
User enters the activation code to confirm their account.
|
User enters the activation code to confirm their account.
|
||||||
|
@ -149,22 +141,16 @@ def auth_activate():
|
||||||
|
|
||||||
# do not use a different message to avoid exposing existing email
|
# do not use a different message to avoid exposing existing email
|
||||||
if not user or user.activated:
|
if not user or user.activated:
|
||||||
# Trigger rate limiter
|
|
||||||
g.deduct_limit = True
|
|
||||||
return jsonify(error="Wrong email or code"), 400
|
return jsonify(error="Wrong email or code"), 400
|
||||||
|
|
||||||
account_activation = AccountActivation.get_by(user_id=user.id)
|
account_activation = AccountActivation.get_by(user_id=user.id)
|
||||||
if not account_activation:
|
if not account_activation:
|
||||||
# Trigger rate limiter
|
|
||||||
g.deduct_limit = True
|
|
||||||
return jsonify(error="Wrong email or code"), 400
|
return jsonify(error="Wrong email or code"), 400
|
||||||
|
|
||||||
if account_activation.code != code:
|
if account_activation.code != code:
|
||||||
# decrement nb tries
|
# decrement nb tries
|
||||||
account_activation.tries -= 1
|
account_activation.tries -= 1
|
||||||
Session.commit()
|
Session.commit()
|
||||||
# Trigger rate limiter
|
|
||||||
g.deduct_limit = True
|
|
||||||
|
|
||||||
if account_activation.tries == 0:
|
if account_activation.tries == 0:
|
||||||
AccountActivation.delete(account_activation.id)
|
AccountActivation.delete(account_activation.id)
|
||||||
|
|
|
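Review bot: With `deduct_when` dropped from the `@limiter.limit("10/minute")` decorators, the window now counts every request to /auth/login, /auth/register and /auth/activate, successful or not, and the only record of that intent is the commit title; the new decorator lines would read better with a comment such as `# every request counts toward the limit, not only failed attempts`. The removed `# Trigger rate limiter` lines in auth_login and auth_activate leave those failure branches with no hint that throttling still happens at the decorator, so a one-line comment there would help the next reader as well. The `from flask import jsonify, request` line drops `g`; the visible hunks remove every use of it, but most of the file lies outside these hunks, so it is worth confirming no other `g.` reference remains before the import goes. auth_login, auth_register and auth_activate each start or end outside the hunks shown.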
@ -79,7 +79,6 @@ def get_spf_domain(hostname) -> [str]:
|
||||||
|
|
||||||
|
|
||||||
def get_txt_record(hostname) -> [str]:
|
def get_txt_record(hostname) -> [str]:
|
||||||
"""return all domains listed in *include:*"""
|
|
||||||
try:
|
try:
|
||||||
answers = _get_dns_resolver().resolve(hostname, "TXT", search=True)
|
answers = _get_dns_resolver().resolve(hostname, "TXT", search=True)
|
||||||
except Exception:
|
except Exception:
|
||||||
|
|