Fatal编程技术网
  • python/
  • Python 限制用户尝试登录的次数

Python 限制用户尝试登录的次数

python python-3.x authentication

Python 限制用户尝试登录的次数,python,python-3.x,authentication,basic-authentication,bottle,Python,Python 3.x,Authentication,Basic Authentication,Bottle,我正在使用瓶的@auth_basic decorator来构建我的登录模块。我想添加一个功能,如果用户输入了错误的密码,他们将被限制在5秒钟内重试。如何使用瓶子的@auth_basic实现这一点?显然我没有实际的登录信息。但这里有一种利用烧杯和装饰器跟踪登录尝试的方法 import gevent from gevent import monkey, signal monkey.patch_all() from gevent.pywsgi import WSGIServer from mainap

我正在使用瓶的@auth_basic decorator来构建我的登录模块。我想添加一个功能,如果用户输入了错误的密码,他们将被限制在5秒钟内重试。如何使用瓶子的@auth_basic实现这一点?

显然我没有实际的登录信息。但这里有一种利用烧杯和装饰器跟踪登录尝试的方法

import gevent
from gevent import monkey, signal
monkey.patch_all()
from gevent.pywsgi import WSGIServer
from mainapp import mainappRoute
import bottle
from bottle import request, get, post, template
from beaker.middleware import SessionMiddleware
from whitenoise import WhiteNoise

staticfolder = 'static'
beakerconfig = {
    'session.type': 'memory',
    'session.auto': True,
    'session.cookie_path': '/',
    'session.key': 'site_id',
    'session.secret' : 'lsfkjsdlfhofuhrlifuheroifh',
    'session.httponly' : True
}

class user(object):
    def __init__(self):
        self.session = request.environ['beaker.session']
        self.login_attempts = 0

    def set(self, **kwargs):
        for k,v in kwargs.items():
            self.session[k] = v
        self.__dict__.update(self.session)

    def attempt(self):
        self.session['login_attempts'] = self.session.get('login_attempts', 0) + 1
        if self.session['login_attempts'] == 3:
            #do something like redirect
            pass


def check_login(fn):
    def check_uid(**kwargs):
        u = user()
        u.attempt()
        return fn(**kwargs)
    return check_uid

def shutdown():
    print('Shutting down ...')
    server.stop(timeout=60)
    exit(signal.SIGTERM)

@get('/login')
def login():
    return template('login.html')

@post('/login')
@check_login
def process_login():
    u = user()
    #let javascript handle the timeout
    return template('index.html', attempts=u.login_attempts)


botapp = bottle.app()
for Route in (mainappRoute,):
    botapp.merge(Route)
botapp = SessionMiddleware(botapp, beakerconfig)
botapp = WhiteNoise(botapp)
botapp.add_files(staticfolder, prefix='static/')
server = WSGIServer(("0.0.0.0", int(80)), botapp)
gevent.signal(signal.SIGTERM, shutdown)
gevent.signal(signal.SIGINT, shutdown)  # CTRL C
server.serve_forever()
您应该使用会话来完成此任务。例如,
烧杯
可以跟踪访问时间。