authnzerver.ratelimit module
This module contains RequestHandler mixins that do rate-limiting for the authnzerver’s own API, handle throttling of incorrect password attempts, and do user locking/unlocking for repeated password check failures.
None of these mixins will work without the attributes already defined in handlers.AuthHandler or a close derivative of it.
class authnzerver.ratelimit.RateLimitMixin
Bases: object
This class contains a method that rate-limits the authnzerver’s own API.
Requires:
- self.cacheobj (from AuthHandler)
- self.ratelimits (from AuthHandler)
- self.pii_salt (from AuthHandler)
- self.request.remote_ip (from tornado.web.RequestHandler)
class authnzerver.ratelimit.UserLockMixin
Bases: object
This class handles user locking/unlocking and slowing down repeated password failures.
handle_failed_logins(payload: dict) → tuple
This handles failed logins.
- Adds increasing wait times to successive logins if they keep failing.
- If the number of failed logins exceeds 10, the account is locked for one hour, and an unlock action is scheduled on the ioloop.
Requires:
- self.failed_passchecks (from AuthHandler)
- self.config (from AuthHandler)
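A sketch of the failed-login policy described for handle_failed_logins, as an added example that is not authnzerver's own code. The class name, the doubling wait schedule and its 30-second cap are assumptions, and lock expiry is checked lazily against an injectable clock instead of being scheduled on the ioloop.

```python
import time

LOCK_AFTER_FAILURES = 10   # from the docs: lock once failures exceed 10
LOCK_SECONDS = 3600.0      # from the docs: lock lasts one hour
MAX_WAIT_SECONDS = 30.0    # assumption: cap on the per-attempt delay


class FailedLoginTracker:
    """Hypothetical per-user failure state; not the project's UserLockMixin."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock        # injectable so tests can move time forward
        self.failures = {}        # user -> consecutive failed password checks
        self.locked_until = {}    # user -> clock value at which the lock ends

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock has expired: unlock and forget the old failure count.
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        """Return ("wait" | "locked", seconds the caller must enforce)."""
        if self.is_locked(user):
            return "locked", self.locked_until[user] - self.clock()
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count > LOCK_AFTER_FAILURES:
            self.locked_until[user] = self.clock() + LOCK_SECONDS
            return "locked", LOCK_SECONDS
        # Assumed schedule: 1, 2, 4, ... seconds, capped at MAX_WAIT_SECONDS.
        return "wait", min(MAX_WAIT_SECONDS, float(2 ** (count - 1)))

    def record_success(self, user):
        # A correct password clears the counter so waits start over.
        self.failures.pop(user, None)
```

Attempts made while the lock is active do not extend it; they only report the remaining lock time.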