@nitely
Created March 20, 2013 04:20
Django, django-ratelimit on login admin view
#-*- coding: utf-8 -*-
# admin_login/decorators.py (module path inferred from the import in urls.py below)
from django.contrib import messages
# Django < 2.0 location; from Django 2.0 on, reverse() lives in django.urls
from django.core.urlresolvers import reverse
from django.shortcuts import redirect
# https://github.com/jsocol/django-ratelimit
from ratelimit.decorators import ratelimit


def login_wrapper(login_func):
    # Count POST attempts per submitted username: at most 5 in any 5-minute window.
    # (This is the original 0.x django-ratelimit API; later releases express the
    # same rule as key='post:username'.)
    @ratelimit(method='POST', field='username', rate='5/5m')
    def admin_login(request, **kwargs):
        # django-ratelimit only flags the request as limited; the view decides what to do.
        if getattr(request, 'limited', False):  # was_limited
            messages.error(request, 'Too many login attempts, please wait 5 minutes')
            return redirect(reverse("admin:index"))
        else:
            return login_func(request, **kwargs)
    return admin_login
# urls.py
from django.conf.urls import patterns, include, url  # patterns() was removed in Django 1.10
from django.contrib import admin
from admin_login.decorators import login_wrapper

admin.autodiscover()
# The swap must happen before admin.site.urls is evaluated, since get_urls() binds
# self.login into the URL patterns at that point.
admin.site.login = login_wrapper(admin.site.login)  # rate limit

urlpatterns = patterns('',
    # ...
    # Uncomment the next line to enable the admin:
    url(r'^admin/', include(admin.site.urls)),
)
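A runnable illustration of what the wrapper above does, added here and not part of the gist or of django-ratelimit: a small in-memory sliding-window limiter enforcing the same 5-per-5-minutes rule, applied through a decorator that only counts POST requests. The names `SlidingWindowLimiter`, `rate_limited`, `FakeRequest`, `username_and_ip` and `simulate` are this example's own, and keying on username plus client address is an assumption of the example (the gist keys on the username field alone).

```python
import time
from collections import defaultdict
from functools import wraps


class SlidingWindowLimiter:
    """Allow at most `limit` hits per key within any `window`-second span."""

    def __init__(self, limit, window, clock=time.time):
        self.limit = limit
        self.window = window
        self.clock = clock              # injectable so tests can control time
        self._hits = defaultdict(list)  # per-process only; see the note below

    def hit(self, key):
        """Record one attempt for `key`; return True if `key` is now over the limit."""
        now = self.clock()
        cutoff = now - self.window
        recent = [t for t in self._hits[key] if t > cutoff]
        recent.append(now)
        self._hits[key] = recent
        return len(recent) > self.limit


def rate_limited(limiter, key_func, on_limited, methods=('POST',)):
    """Wrap a view so attempts over the limit get `on_limited(request)` instead.

    Only requests whose method is in `methods` are counted, mirroring the
    gist's method='POST': fetching the form with GET is never penalised.
    """
    def decorator(view):
        @wraps(view)
        def wrapper(request, **kwargs):
            if request.method in methods and limiter.hit(key_func(request)):
                return on_limited(request)
            return view(request, **kwargs)
        return wrapper
    return decorator


class FakeRequest:
    """Constructed stand-in for an HttpRequest with only the fields used here."""

    def __init__(self, method, username='', remote_addr='10.0.0.1'):
        self.method = method
        self.POST = {'username': username} if method == 'POST' else {}
        self.META = {'REMOTE_ADDR': remote_addr}


def username_and_ip(request):
    """Key on (username, client address); an assumption of this example.

    The gist keys on the username alone, which is simplest but means five
    failed POSTs for 'admin' from anywhere lock 'admin' out from everywhere.
    Adding the address narrows that; use the client address your framework
    derives after trusted proxies, never a raw client-supplied header.
    """
    return (request.POST.get('username', ''), request.META.get('REMOTE_ADDR', ''))


def simulate(attempts, limit=5, window=300):
    """Replay constructed attempts (t, method, username, ip) through the
    limiter and return each outcome: 'login' (view ran) or 'limited'."""
    clock = [0.0]
    limiter = SlidingWindowLimiter(limit, window, clock=lambda: clock[0])

    @rate_limited(limiter, username_and_ip, lambda req: 'limited')
    def login_view(request):
        return 'login'              # stand-in for admin.site.login

    outcomes = []
    for t, method, username, ip in attempts:
        clock[0] = float(t)
        outcomes.append(login_view(FakeRequest(method, username, ip)))
    return outcomes


if __name__ == '__main__':
    burst = [(t, 'POST', 'admin', '10.0.0.1') for t in range(6)]
    burst += [(6, 'POST', 'bob', '10.0.0.1'),      # other account: own counter
              (7, 'GET', '', '10.0.0.1'),           # GET is not counted
              (306, 'POST', 'admin', '10.0.0.1')]   # window has passed
    for attempt, outcome in zip(burst, simulate(burst)):
        print(attempt, '->', outcome)
```

Two things the toy makes visible that the gist hides: the sixth POST for the same key inside the window is the first one refused, and a limit keyed purely on the username is also a lever for locking that account out. The real decorator keeps its counters in Django's cache backend so every worker process sees the same counts; a dict like the one here is per-process and would let each worker allow its own five attempts.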
nitely commented Mar 20, 2013

Prevents brute-force attacks against the admin login on Django sites.
Requires: https://github.com/jsocol/django-ratelimit

You should also "rate limit" your regular login view.
