Implement a "cooloff period" for community authentication
authorMagnus Hagander <magnus@hagander.net>
Thu, 17 Dec 2015 15:34:18 +0000 (16:34 +0100)
committerMagnus Hagander <magnus@hagander.net>
Thu, 17 Dec 2015 15:34:18 +0000 (16:34 +0100)
This lets us configure some sites that require accounts to have been
in the system for longer than a certain time before they are allowed
to log in to that site. In particular, the wiki is easy to spam, so
we want those users to be in the system for a while before they can
try something like that.

Requires manual sql to be run on all installations:

ALTER TABLE account_communityauthsite ADD COLUMN cooloff_hours int NOT NULL DEFAULT 0;

pgweb/account/models.py
pgweb/account/views.py
templates/account/communityauth_cooloff.html [new file with mode: 0644]

index 2d013ba3b9ea7be49723f1eff1a01aca3bb61a4a..31832fd65f9a3c327daea260cde18cdd241b28d2 100644 (file)
@@ -8,6 +8,8 @@ class CommunityAuthSite(models.Model):
        cryptkey = models.CharField(max_length=100, null=False, blank=False,
                                                                help_text="Use tools/communityauth/generate_cryptkey.py to create a key")
        comment = models.TextField(null=False, blank=True)
+       cooloff_hours = models.IntegerField(null=False, blank=False, default=0,
+                                                                               help_text="Number of hours a user must have existed in the systems before allowed to log in to this site")
 
        def __unicode__(self):
                return self.name
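Review bot: The new `cooloff_hours` field is a plain `IntegerField`, so a negative value can be saved in the admin. The view's `site.cooloff_hours > 0` test would then silently treat it as "no cooloff". Consider `models.PositiveIntegerField(null=False, blank=False, default=0, ...)` or a minimum-value validator, so a typo cannot disable the protection unnoticed. The help text should also read "in the system" rather than "in the systems". The CommunityAuthSite class starts and continues outside this hunk.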
index 2c527552ef852613729209283e5e9414928bcd5d..330d7cfba17b549d161774bcddefee8107d82019 100644 (file)
@@ -16,6 +16,7 @@ from Crypto.Cipher import AES
 from Crypto import Random
 import time
 import json
+from datetime import datetime, timedelta
 
 from pgweb.util.decorators import ssl_required
 from pgweb.util.contexts import NavContext
@@ -355,6 +356,13 @@ def communityauth(request, siteid):
                return render_to_response('account/communityauth_noinfo.html', {
                                }, NavContext(request, 'account'))
 
+       # Check for cooloff period
+       if site.cooloff_hours > 0:
+               if (datetime.now() - request.user.date_joined) < timedelta(hours=site.cooloff_hours):
+                       return render_to_response('account/communityauth_cooloff.html', {
+                               'site': site,
+                               }, NavContext(request, 'account'))
+
        info = {
                'u': request.user.username.encode('utf-8'),
                'f': request.user.first_name.encode('utf-8'),
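Review bot: The added check subtracts `request.user.date_joined` from a naive `datetime.now()`, which only works while Django stores naive timestamps. If the project runs with USE_TZ enabled, date_joined is timezone-aware and the subtraction raises TypeError, so every login to a cooloff-enabled site would return a 500. Importing `timezone` from `django.utils` and writing `if (timezone.now() - request.user.date_joined) < timedelta(hours=site.cooloff_hours):` keeps both sides consistent in either configuration. The refusal also leaves no server-side trace; a log line with the username and site would show operators how often the cooloff blocks new accounts. communityauth starts and ends outside this hunk, so it cannot be confirmed from here that no other path issues the auth token without passing this check.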
diff --git a/templates/account/communityauth_cooloff.html b/templates/account/communityauth_cooloff.html
new file mode 100644 (file)
index 0000000..356548e
--- /dev/null
@@ -0,0 +1,11 @@
+{%extends "base/page.html"%}
+{%block contents%}
+<h1>Community authentication</h1>
+<p>
+The site your are trying to log in to ({{site.name}}) requires a
+cool-off period between account creation and logging in. Please
+try again later, or contact the postgresql.org webmasters if you
+have an urgent need to log in.
+</p>
+{%endblock%}
+
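Review bot: The user-facing sentence in the new template has a typo: `The site your are trying to log in to` should read `The site you are trying to log in to`. The page also tells the user to "try again later" without saying how long the wait is. If disclosing the duration is acceptable, `{{site.cooloff_hours}}` could be shown, since `site` is already in the template context.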