nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-27 10:44:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

sso: Add missing captcha/rate limiting on SSO login

Browse Source 
Tests:

- Install tt-rss. Logout. Visit the /tt-rss link. We will be redirected to the
login page. Login with wrong password 3 times. CAPTCHA is shown. Login with
correct password. Login will be successful.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This commit is contained in:
Sunil Mohan Adapa 2022-01-11 20:29:26 -08:00 committed by James Valleroy
parent e89b0ee276
commit 08eb54ad0f
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plinth/modules/sso/urls.py
View File

@ -3,6 +3,7 @@
URLs for the Single Sign On module. URLs for the Single Sign On module.
""" """
from axes.decorators import axes_dispatch
from django.urls import re_path from django.urls import re_path
from stronghold.decorators import public from stronghold.decorators import public
@ -11,8 +12,8 @@ from plinth.utils import non_admin_view
from .views import SSOLoginView, refresh from .views import SSOLoginView, refresh
urlpatterns = [ urlpatterns = [
re_path(r'^accounts/sso/login/$', public(SSOLoginView.as_view()), re_path(r'^accounts/sso/login/$',
name='sso-login'), public(axes_dispatch(SSOLoginView.as_view())), name='sso-login'),
re_path(r'^accounts/sso/refresh/$', non_admin_view(refresh), re_path(r'^accounts/sso/refresh/$', non_admin_view(refresh),
name='sso-refresh'), name='sso-refresh'),
] ]