38e6d125 by 周伟奇

fix pentest

1 parent 8900023f
...@@ -26,8 +26,9 @@ class LoginView(ObtainJSONWebToken, GenericView): ...@@ -26,8 +26,9 @@ class LoginView(ObtainJSONWebToken, GenericView):
26 26
27 def post(self, request, *args, **kwargs): 27 def post(self, request, *args, **kwargs):
28 # 登录次数限制 28 # 登录次数限制
29 remote_ip = request.META.get('HTTP_REMOTEIP', '')
29 user_name = request.data.get('username', '') 30 user_name = request.data.get('username', '')
30 times = rh.get_login_times(user_name) 31 times = rh.get_login_times(remote_ip)
31 if isinstance(times, int) and times >= LOGIN_TIMES_LIMIT: 32 if isinstance(times, int) and times >= LOGIN_TIMES_LIMIT:
32 raise self.invalid_params(msg="重试次数限制") 33 raise self.invalid_params(msg="重试次数限制")
33 34
...@@ -35,7 +36,7 @@ class LoginView(ObtainJSONWebToken, GenericView): ...@@ -35,7 +36,7 @@ class LoginView(ObtainJSONWebToken, GenericView):
35 self.running_log.info('[users.login] username: {0}'.format(user_name)) 36 self.running_log.info('[users.login] username: {0}'.format(user_name))
36 37
37 if res.status_code == status.HTTP_400_BAD_REQUEST: 38 if res.status_code == status.HTTP_400_BAD_REQUEST:
38 rh.set_login_times(user_name, LOGIN_TIMES_LIMIT_EXPIRES) 39 rh.set_login_times(remote_ip, LOGIN_TIMES_LIMIT_EXPIRES)
39 raise self.invalid_params(msg="用户名或密码错误") 40 raise self.invalid_params(msg="用户名或密码错误")
40 serializer = self.get_serializer(data=request.data) 41 serializer = self.get_serializer(data=request.data)
41 serializer.is_valid() 42 serializer.is_valid()
......
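Review bot: The new throttle key on line 29 of the first hunk, `request.META.get('HTTP_REMOTEIP', '')`, is a request header that the client controls unless a trusted reverse proxy overwrites it, and the `''` fallback means a request without that header is keyed on an empty string, which the new guard in `RedisHandler.set_login_times` (third hunk on this page) silently skips — so such attempts are never counted. Fall back to the socket address and keep the per-account counter this commit drops, e.g. `remote_ip = request.META.get('HTTP_REMOTEIP') or request.META.get('REMOTE_ADDR', '')` and then check both `rh.get_login_times(remote_ip)` and `rh.get_login_times(user_name)` against `LOGIN_TIMES_LIMIT`, incrementing both at line 39. Whether `HTTP_REMOTEIP` is set by the deployment's proxy is not visible here; a comment at line 29 naming the component that sets it would let the next reader verify that. `post` continues past the second hunk.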
...@@ -1005,10 +1005,10 @@ class DocView(GenericView, DocHandler): ...@@ -1005,10 +1005,10 @@ class DocView(GenericView, DocHandler):
1005 1005
1006 1006
1007 class CompareResultView(GenericView): 1007 class CompareResultView(GenericView):
1008 permission_classes = [] 1008 # permission_classes = []
1009 authentication_classes = [] 1009 # authentication_classes = []
1010 # permission_classes = [IsAuthenticated] 1010 permission_classes = [IsAuthenticated]
1011 # authentication_classes = [OAuth2AuthenticationWithUser] 1011 authentication_classes = [OAuth2AuthenticationWithUser]
1012 1012
1013 # 获取比对结果 1013 # 获取比对结果
1014 @use_args(compare_result_args, location='querystring') 1014 @use_args(compare_result_args, location='querystring')
...@@ -1307,10 +1307,10 @@ class SEContractView(GenericView): ...@@ -1307,10 +1307,10 @@ class SEContractView(GenericView):
1307 1307
1308 1308
1309 class AutoSettlementView(GenericView): 1309 class AutoSettlementView(GenericView):
1310 permission_classes = [] 1310 # permission_classes = []
1311 authentication_classes = [] 1311 # authentication_classes = []
1312 # permission_classes = [IsAuthenticated] 1312 permission_classes = [IsAuthenticated]
1313 # authentication_classes = [OAuth2AuthenticationWithUser] 1313 authentication_classes = [OAuth2AuthenticationWithUser]
1314 1314
1315 # 获取auto settlement列表 1315 # 获取auto settlement列表
1316 @use_args(auto_list_args, location='querystring') 1316 @use_args(auto_list_args, location='querystring')
......
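Review bot: The commented-out `# permission_classes = []` / `# authentication_classes = []` lines kept above the new settings in `CompareResultView` (lines 1008-1009) and again in `AutoSettlementView` (lines 1310-1311) are dead code that documents how to switch authentication off again; delete them so each class body reads only `permission_classes = [IsAuthenticated]` and `authentication_classes = [OAuth2AuthenticationWithUser]`. Since the change is a pentest fix, a regression test asserting that an unauthenticated request to both views is rejected would keep the toggle from silently coming back. Whether other views in this file still carry empty lists is not visible in these hunks.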
...@@ -78,6 +78,8 @@ class RedisHandler: ...@@ -78,6 +78,8 @@ class RedisHandler:
78 return self.redis.get('{0}:{1}'.format(self.login_limit_key, user_name)) 78 return self.redis.get('{0}:{1}'.format(self.login_limit_key, user_name))
79 79
80 def set_login_times(self, user_name, expires=None): 80 def set_login_times(self, user_name, expires=None):
81 if user_name == '':
82 return
81 key = '{0}:{1}'.format(self.login_limit_key, user_name) 83 key = '{0}:{1}'.format(self.login_limit_key, user_name)
82 self.redis.incr(key) 84 self.redis.incr(key)
83 if isinstance(expires, int): 85 if isinstance(expires, int):
......
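Review bot: The new guard `if user_name == '': return` on lines 81-82 makes an empty key silently skip counting, while `get_login_times` on line 78 has no matching guard, so a caller passing `''` reads a counter that never increments; with `LoginView` now passing the `HTTP_REMOTEIP` header value, every request lacking that header escapes the limit. Rather than returning silently, emit a warning through whatever logger this handler has (none is visible in the hunk) and have the caller supply a non-empty key. The parameter is still named `user_name` although it now receives an IP; a docstring such as `"""Increment the failed-login counter for *user_name* (any throttle key, e.g. a client IP); an empty key is ignored."""` would make that contract explicit. `set_login_times` continues past the hunk.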