pluserable.no_bruteforce module
Prevent brute force by storing IP addresses in redis.
- class pluserable.no_bruteforce.BruteForceAidDummy(kerno, ip)
Bases: object
A test double for BruteForceAidRedis. Shows its public API.
- class pluserable.no_bruteforce.BruteForceAidRedis(kerno, ip)
Bases: object
App component that prevents brute forcing login, storing IPs in redis.
- is_login_blocked()
Find out whether the IP address is currently blocked.
Return a tuple (remaining_seconds: int, error: str).
- Return type
Tuple[int, str]
- name
Return the key used in redis to store data about this remote IP.
- one_day_in_milliseconds = 86400000
- pure_get_new_time(now, attempts=1)
Compute the next moment until which this IP is getting blocked.
Pure method (no IO) that returns a tuple (datetime, int_seconds). The first login failure requires the user to wait 15 seconds and this number increases exponentially each time the credentials are found wrong.
- Return type
Tuple[datetime, int]
- redis
- redis_url
- seconds_after_login_fail
Return the configured initial duration of a login block.
- store_login_failure()
Store an authentication failure in redis.
Each value stored in redis is a dict with {blocked_until, attempts}. The redis key expires one day after the most recent failed attempt; during this time the waiting time increases exponentially.
Return the number of seconds the user must wait before retrying, or zero if this feature is not enabled.
- Return type
int
- pluserable.no_bruteforce.get_default_connection(kerno, url='', redis_client=<class 'redis.client.Redis'>, **redis_options)
Return a Redis connection ready for use.
Once a connection is established it is saved in kerno.brute_redis.
url is a connection string that will be passed straight to StrictRedis.from_url. Example: redis://username:password@localhost:6379/0
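
The blocking scheme that pure_get_new_time, store_login_failure and is_login_blocked describe above, as an added sketch that is not pluserable's own code. A dict stands in for redis, the names next_block and InMemoryBruteForceAid are hypothetical, and the doubling factor is an assumption, since the documentation only says the wait increases exponentially.

```python
import math
from datetime import datetime, timedelta
from typing import Dict, Tuple

INITIAL_SECONDS = 15            # first-failure wait stated in the docs above
GROWTH_FACTOR = 2               # assumption: the docs only say "exponentially"
RECORD_TTL = timedelta(days=1)  # record expires a day after the last failure


def next_block(now: datetime, attempts: int = 1) -> Tuple[datetime, int]:
    """Pure function (no IO): (blocked_until, wait_seconds) for the Nth failure."""
    seconds = INITIAL_SECONDS * GROWTH_FACTOR ** (attempts - 1)
    return now + timedelta(seconds=seconds), seconds


class InMemoryBruteForceAid:
    """Hypothetical dict-backed stand-in for the redis-backed component."""

    def __init__(self) -> None:
        self._store: Dict[str, dict] = {}

    def _live_record(self, ip: str, now: datetime) -> dict:
        """Return the record for ip, dropping it once its TTL has passed."""
        rec = self._store.get(ip)
        if rec and now >= rec["expires"]:
            del self._store[ip]
            return {}
        return rec or {}

    def store_login_failure(self, ip: str, now: datetime) -> int:
        """Record one failure and return the seconds this IP must now wait."""
        attempts = self._live_record(ip, now).get("attempts", 0) + 1
        blocked_until, seconds = next_block(now, attempts)
        self._store[ip] = {
            "blocked_until": blocked_until,
            "attempts": attempts,
            "expires": now + RECORD_TTL,  # redis would use a key TTL instead
        }
        return seconds

    def is_login_blocked(self, ip: str, now: datetime) -> Tuple[int, str]:
        """Return (remaining_seconds, error); (0, "") means not blocked."""
        rec = self._live_record(ip, now)
        if not rec or now >= rec["blocked_until"]:
            return 0, ""
        remaining = math.ceil((rec["blocked_until"] - now).total_seconds())
        return remaining, f"Too many failed logins; retry in {remaining} seconds."
```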