
Andriy Kornatskyy  committed d666317

Added lockout quota for signup in demo template.

  • Parent commits cdfde13


Files changed (8)

File demos/template/content/templates-jinja2/membership/signup.html

                 <p>
                 <input type="submit" value="Register" />
                 </p>
+                <p><b>WARNING</b>: The site policy allows only 2 registrations \
+                    per IP address, otherwise your IP address will be blocked for \
+                    <i>60 seconds</i>.
+                </p>
             </fieldset>
         </div>
     </form>
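Review bot: The limit and duration in the added warning (`2 registrations` and `60 seconds`) are hard-coded in the template and repeat `by_ip=dict(count=2, duration=60)` from `views.py`, so changing the policy in the handler would leave the page telling users the wrong thing. The same paragraph is pasted into the mako, preprocessor, tenjin and wheezy templates, so this applies to those sections too. I would either pass the two values from the handler into the template context or at least add a template comment next to the paragraph, e.g. `{# keep in sync with SignUpHandler.lockout in membership/web/views.py #}` here and the equivalent in the other engines. It is also worth checking the rendered page for the trailing `\` continuations, since Jinja2 itself would presumably emit them literally unless a preprocessing step strips them.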

File demos/template/content/templates-mako/membership/signup.html

                 <p>
                 <input type="submit" value="Register" />
                 </p>
+                <p><b>WARNING</b>: The site policy allows only 2 registrations \
+                    per IP address, otherwise your IP address will be blocked for \
+                    <i>60 seconds</i>.
+                </p>
             </fieldset>
         </div>
     </form>

File demos/template/content/templates-preprocessor/membership/signup.html

                 <p>
                 <input type="submit" value="Register" />
                 </p>
+                <p><b>WARNING</b>: The site policy allows only 2 registrations \
+                    per IP address, otherwise your IP address will be blocked for \
+                    <i>60 seconds</i>.
+                </p>
             </fieldset>
         </div>
     </form>

File demos/template/content/templates-tenjin/membership/signup.html

                 <p>
                 <input type="submit" value="Register" />
                 </p>
+                <p><b>WARNING</b>: The site policy allows only 2 registrations \
+                    per IP address, otherwise your IP address will be blocked for \
+                    <i>60 seconds</i>.
+                </p>
             </fieldset>
         </div>
     </form>

File demos/template/content/templates-wheezy/membership/signup.html

                 <p>
                 <input type="submit" value="Register" />
                 </p>
+                <p><b>WARNING</b>: The site policy allows only 2 registrations \
+                    per IP address, otherwise your IP address will be blocked for \
+                    <i>60 seconds</i>.
+                </p>
             </fieldset>
         </div>
     </form>

File demos/template/setup.py

 
 install_requires = [
     'wheezy.core>=0.1.104',
-    'wheezy.caching>=0.1.90',
+    'wheezy.caching>=0.1.91',
     'wheezy.html>=0.1.130',
     'wheezy.http>=0.1.287',
     'wheezy.routing>=0.1.145',

File demos/template/src/membership/web/tests/test_views.py

         assert AUTH_COOKIE not in self.client.cookies
         assert 'class="error-message"' in self.client.content
 
-    def test_lockout(self):
-        """ Ensure sigin page displays general error message.
+    def test_lockout_guard(self):
+        """ Ensure sigin lockout guard is reached.
         """
         self.client.environ['REMOTE_ADDR'] = '192.168.10.101'
         errors = self.signin('test', 'password')
             assert 200 == client.follow()
             SignInPage(client)
 
-except NotImplementedError:
+except NotImplementedError:  # pragma: nocover
     pass
 
 
         self.signout()
 
 
-class SignUpTestCase(unittest.TestCase, SignInMixin, SignUpMixin):
+class SignUpTestCase(unittest.TestCase, SignInMixin, SignUpMixin,
+                     SignOutMixin):
 
     def setUp(self):
         self.client = WSGIClient(main)
         assert RESUBMISSION_NAME not in self.client.cookies
         assert 'Welcome <b>John Smith' in self.client.content
 
+    def test_lockout_quota(self):
+        """ Ensure signup quata is reached.
+        """
+        self.client.environ['REMOTE_ADDR'] = '192.168.10.101'
+
+        errors = self.signup(
+            username='joe',
+            display_name='Joe Smith',
+            email='joe@somewhere.com',
+            date_of_birth='1980/4/5',
+            password='P@ssw0rd',
+            confirm_password='P@ssw0rd',
+            answer='7')
+        assert not errors
+        assert 200 == self.client.follow()
+        assert AUTH_COOKIE in self.client.cookies
+        self.signout()
+
+        errors = self.signup(
+            username='jassy',
+            display_name='Jassy Smith',
+            email='jassy@somewhere.com',
+            date_of_birth='1982/7/17',
+            password='P@ssw0rd',
+            confirm_password='P@ssw0rd',
+            answer='7')
+        assert not errors
+        assert 200 == self.client.follow()
+        assert AUTH_COOKIE in self.client.cookies
+        self.signout()
+
+        self.signup(
+            username='jack',
+            display_name='Jack Smith',
+            email='jack@somewhere.com',
+            date_of_birth='1981/3/18',
+            password='P@ssw0rd',
+            confirm_password='P@ssw0rd',
+            answer='7')
+        # after 2nd attempt the access is forbidden
+        assert 403 == self.client.follow()
+
     def test_if_authenticated_redirect(self):
         """ If user is already authenticated redirect
             to default page.
             assert 6 == len(errors)
             assert AUTH_COOKIE not in self.client.cookies
 
-except NotImplementedError:
+except NotImplementedError:  # pragma: nocover
     pass
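Review bot: `test_lockout_quota` checks only the status code of the third signup: its return value is dropped, and nothing asserts that no session was issued or that the `jack` account was not created. Since the purpose of the quota is to stop the third registration, I would add `assert AUTH_COOKIE not in self.client.cookies` after the `403` check, which also pins whether the block happens before or after account creation. The lockout lasts 60 seconds and the test reuses `192.168.10.101`, the same address as `test_lockout_guard`; if the cache behind the locker outlives a test run (not visible here), an immediate rerun could hit the lock on the first signup. The docstring typo `quata` should read `quota`.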

File demos/template/src/membership/web/views.py

 
 class SignUpHandler(BaseHandler):
 
+    lockout = locker.define(
+        name='signup attempts',
+        by_ip=dict(count=2, duration=60)
+    )
+
     @attribute
     def model(self):
         return attrdict({
             questions=questions,
             account_types=account_types)
 
+    @lockout.forbid_locked
     def post(self):
         if not self.validate_resubmission():
             self.error(self._('Your registration request has been queued. '
         del self.resubmission
         return self.see_other_for('default')
 
+    @lockout.quota
     def create_account(self, registration):
         #with self.factory('rw') as f:
         f = self.factory('rw')
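Review bot: The `by_ip=dict(count=2, duration=60)` term on `SignUpHandler.lockout` carries no comment on which request attribute supplies the address or why these values were chosen. The test in this commit drives it through `REMOTE_ADDR`, so behind a reverse proxy or shared NAT every visitor would presumably share one counter, and two registrations would block sign-up for all of them for a minute. I would add a comment above the definition, e.g. `# per-IP signup quota; behind a proxy ensure the address used is the real client, not the proxy`, and confirm how `locker` resolves the address, since it is defined outside this hunk. The bodies of `post` and `create_account` continue outside the hunk, so it cannot be checked here that `create_account` returns the success flag `@lockout.quota` presumably counts on every path.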