main
Bob Mottram 2021-06-09 15:27:35 +01:00
parent f4b0491c34
commit 685ed0c22e
2 changed files with 33 additions and 27 deletions

27
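--- a/auth.py
+++ b/auth.py
@@ -204,3 +204,30 @@ def createPassword(length=10):
 validChars = 'abcdefghijklmnopqrstuvwxyz' + \
 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
 return ''.join((secrets.choice(validChars) for i in range(length)))
+def recordLoginFailure(ipAddress: str, countDict: {}, failTime: int) -> None:
+"""Keeps ip addresses and the number of times login failures
+occured for them in a dict
+"""
+if not countDict.get(ipAddress):
+while len(countDict.items()) > 100:
+oldestTime = 0
+oldestIP = None
+for ipAddr, ipItem in countDict.items():
+if oldestTime == 0 or ipItem['time'] < oldestTime:
+oldestTime = ipItem['time']
+oldestIP = ipAddr
+if oldestIP:
+del countDict[oldestIP]
+countDict[ipAddress] = {
+"count": 1,
+"time": failTime
+}
+else:
+countDict[ipAddress]['count'] += 1
+failCount = countDict[ipAddress]['count']
+if failCount > 4:
+print('WARN: ' + str(ipAddress) + ' failed to log in ' +
+str(failCount) + ' times')
+countDict[ipAddress]['time'] = failTime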
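Review bot: The eviction loop in recordLoginFailure can fail to terminate, because `if oldestIP:` tests truthiness rather than presence: if the oldest entry's key is ever an empty string (whether a caller can pass one is not visible here), nothing is deleted and `while len(countDict.items()) > 100:` never exits. Testing `if oldestIP is not None:` closes that, and choosing the entry with `min(countDict, key=lambda ip: countDict[ip]['time'])` would also remove the `oldestTime == 0` sentinel. Separately, the table holds only about 100 addresses and the count is only printed, so failures from many distinct addresses evict older counters; if these counts are ever meant to drive throttling, the docstring should state that limit. The annotation `countDict: {}` is a dict instance rather than a type, and `countDict: dict` says what is meant.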


@ -101,6 +101,7 @@ from skills import noOfActorSkills
from skills import actorHasSkill from skills import actorHasSkill
from skills import actorSkillValue from skills import actorSkillValue
from skills import setActorSkillLevel from skills import setActorSkillLevel
from auth import recordLoginFailure
from auth import authorize from auth import authorize
from auth import createPassword from auth import createPassword
from auth import createBasicAuthHeader from auth import createBasicAuthHeader
@ -1442,7 +1443,8 @@ class PubServer(BaseHTTPRequestHandler):
ipAddress = self.headers['X-Forwarded-For'] ipAddress = self.headers['X-Forwarded-For']
else: else:
ipAddress = self.client_address[0] ipAddress = self.client_address[0]
print('Login attempt from IP: ' + str(ipAddress)) if not isLocalNetworkAddress(ipAddress):
print('Login attempt from IP: ' + str(ipAddress))
if not authorizeBasic(baseDir, '/users/' + if not authorizeBasic(baseDir, '/users/' +
loginNickname + '/outbox', loginNickname + '/outbox',
authHeader, False): authHeader, False):
@ -1451,32 +1453,9 @@ class PubServer(BaseHTTPRequestHandler):
failTime = int(time.time()) failTime = int(time.time())
self.server.lastLoginFailure = failTime self.server.lastLoginFailure = failTime
if not isLocalNetworkAddress(ipAddress): if not isLocalNetworkAddress(ipAddress):
countDict = self.server.loginFailureCount recordLoginFailure(ipAddress,
if not countDict.get(ipAddress): self.server.loginFailureCount,
while len(countDict.items()) > 100: failTime)
oldestTime = 0
oldestIP = None
for ipAddr, ipItem in countDict.items():
if oldestTime == 0 or \
ipItem['time'] < oldestTime:
oldestTime = ipItem['time']
oldestIP = ipAddr
if oldestTime > 0:
del countDict[oldestIP]
countDict[ipAddress] = {
"count": 1,
"time": failTime
}
else:
countDict[ipAddress]['count'] += 1
failCount = \
countDict[ipAddress]['count']
if failCount > 4:
print('WARN: ' + str(ipAddress) +
' failed to log in ' +
str(failCount) + ' times')
countDict[ipAddress]['time'] = \
failTime
self.server.POSTbusy = False self.server.POSTbusy = False
return return
else: else:
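Review bot: The new `if not isLocalNetworkAddress(ipAddress):` guard around the login-attempt print, like the existing guard before `recordLoginFailure(...)`, is applied to a value that the context lines just above may take directly from the `X-Forwarded-For` header. That header is client-supplied unless a trusted reverse proxy overwrites it, so a request carrying a private address there would presumably be neither logged nor counted as a failure. Consider honouring the header only when `self.client_address[0]` is a known proxy, and deciding local-ness from the socket peer otherwise. The header value is also printed unmodified; validating it with `ipaddress.ip_address()` or logging `repr(ipAddress)` would keep malformed values out of the log. The enclosing handler method starts and ends outside these hunks.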