From 08eb54ad0f01411790e5826e827e7ab709148fda Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Tue, 11 Jan 2022 20:29:26 -0800
Subject: [PATCH] sso: Add missing captcha/rate limiting on SSO login

Tests:
- Install tt-rss. Logout. Visit the /tt-rss link. We will be redirected to the login page. Login with wrong password 3 times. CAPTCHA is shown. Login with correct password. Login will be successful.

Signed-off-by: Sunil Mohan Adapa
Reviewed-by: James Valleroy
---
 plinth/modules/sso/urls.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plinth/modules/sso/urls.py b/plinth/modules/sso/urls.py
index fda36b82f..ba4d84280 100644
--- a/plinth/modules/sso/urls.py
+++ b/plinth/modules/sso/urls.py
@@ -3,6 +3,7 @@
 URLs for the Single Sign On module.
 """
 
+from axes.decorators import axes_dispatch
 from django.urls import re_path
 from stronghold.decorators import public
 
@@ -11,8 +12,8 @@ from plinth.utils import non_admin_view
 from .views import SSOLoginView, refresh
 
 urlpatterns = [
- re_path(r'^accounts/sso/login/$', public(SSOLoginView.as_view()),
- name='sso-login'),
+ re_path(r'^accounts/sso/login/$',
+ public(axes_dispatch(SSOLoginView.as_view())), name='sso-login'),
 re_path(r'^accounts/sso/refresh/$', non_admin_view(refresh),
 name='sso-refresh'),
 ]
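Review bot: In the second hunk the lockout check is attached only in the URLconf, `public(axes_dispatch(SSOLoginView.as_view()))`, so it guards this one route rather than the view class, and nothing on the line records why the wrapper is there. `axes_dispatch` only refuses requests from a client that is already locked out; counting the failed attempts presumably still depends on SSOLoginView authenticating through Django's `authenticate()` with the request, which is not visible in this patch and is worth confirming. I would add a comment above the entry such as `# axes_dispatch enforces the lockout/CAPTCHA redirect; keep it on every unauthenticated login route`. The manual test in the description should also be backed by an automated one that posts wrong passwords to `sso-login` and asserts the lockout response.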