From 7bb76e334f57c44b9bd093c295982fe35865a2fa Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Thu, 17 Dec 2015 16:34:18 +0100
Subject: [PATCH] Implement a "cooloff period" for community authentication

This lets us configure some sites that require accounts to have been in the system for longer than a certain time before they are allowed to log in to that site. In particular, the wiki is easy to spam, so we want those users to be in the system for a while before they can try something like that. Requires manual sql to be run on all installations: ALTER TABLE account_communityauthsite ADD COLUMN cooloff_hours int NOT NULL DEFAULT 0;
---
 pgweb/account/models.py | 2 ++
 pgweb/account/views.py | 8 ++++++++
 templates/account/communityauth_cooloff.html | 11 +++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 templates/account/communityauth_cooloff.html

diff --git a/pgweb/account/models.py b/pgweb/account/models.py
index 2d013ba3..31832fd6 100644
--- a/pgweb/account/models.py
+++ b/pgweb/account/models.py
@@ -8,6 +8,8 @@ class CommunityAuthSite(models.Model):
 cryptkey = models.CharField(max_length=100, null=False, blank=False,
 help_text="Use tools/communityauth/generate_cryptkey.py to create a key")
 comment = models.TextField(null=False, blank=True)
+ cooloff_hours = models.IntegerField(null=False, blank=False, default=0,
+ help_text="Number of hours a user must have existed in the systems before allowed to log in to this site")
 
 def __unicode__(self):
 return self.name
diff --git a/pgweb/account/views.py b/pgweb/account/views.py
index 2c527552..330d7cfb 100644
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@@ -16,6 +16,7 @@ from Crypto.Cipher import AES
 from Crypto import Random
 import time
 import json
+from datetime import datetime, timedelta
 
 from pgweb.util.decorators import ssl_required
 from pgweb.util.contexts import NavContext
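Review bot: `cooloff_hours` in the models.py hunk is a plain `IntegerField`, so the admin form accepts negative numbers, and because the view only enforces the period when `site.cooloff_hours > 0`, a negative entry silently switches the check off for that site. Declaring the field as `models.PositiveIntegerField(null=False, blank=False, default=0,` (help text unchanged) rejects such input at validation time. The help text also says "existed in the systems", where `existed in the system` is presumably meant. The CommunityAuthSite class starts outside the hunk.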
@@ -355,6 +356,13 @@ def communityauth(request, siteid):
 return render_to_response('account/communityauth_noinfo.html', {
 }, NavContext(request, 'account'))
 
+ # Check for cooloff period
+ if site.cooloff_hours > 0:
+ if (datetime.now() - request.user.date_joined) < timedelta(hours=site.cooloff_hours):
+ return render_to_response('account/communityauth_cooloff.html', {
+ 'site': site,
+ }, NavContext(request, 'account'))
+
 info = {
 'u': request.user.username.encode('utf-8'),
 'f': request.user.first_name.encode('utf-8'),
diff --git a/templates/account/communityauth_cooloff.html b/templates/account/communityauth_cooloff.html
new file mode 100644
index 00000000..356548e2
--- /dev/null
+++ b/templates/account/communityauth_cooloff.html
@@ -0,0 +1,11 @@
+{%extends "base/page.html"%}
+{%block contents%}
+
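Review bot: The cool-off test `datetime.now() - request.user.date_joined` in communityauth uses a naive local timestamp, so it raises `TypeError` if the project ever enables `USE_TZ` (which makes `date_joined` timezone-aware), and a DST change shifts the window by an hour even without that. Writing it as `if (timezone.now() - request.user.date_joined) < timedelta(hours=site.cooloff_hours):` with `from django.utils import timezone` added to the imports behaves correctly in both configurations. Since this branch is an anti-spam control, it would also help to log each refusal (username and site name) before rendering `communityauth_cooloff.html`, so that a burst of fresh accounts trying a protected site is visible to the operators. The body of communityauth starts and ends outside the hunk.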

Community authentication

+

+The site your are trying to log in to ({{site.name}}) requires a
+cool-off period between account creation and logging in. Please
+try again later, or contact the postgresql.org webmasters if you
+have an urgent need to log in.
+

+{%endblock%}
+
-- 
2.39.5
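Review bot: The message in the new template opens with "The site your are trying to log in to", which should read `The site you are trying to log in to ({{site.name}}) requires a`. `{{site.name}}` is administrator-entered text and is safe here only through the template engine's default autoescaping, so it should stay free of a `safe` filter and outside any `autoescape off` block.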