diff --git a/paramecio2/modules/admin/app.py b/paramecio2/modules/admin/app.py index 5db6aa8..042d3dc 100644 --- a/paramecio2/modules/admin/app.py +++ b/paramecio2/modules/admin/app.py @@ -1,9 +1,10 @@ from flask import Blueprint, redirect, session, url_for, request, g, make_response, abort from settings import config from paramecio2.libraries.i18n import I18n +from paramecio2.libraries.datetime import now, format_local_strtime, timestamp_to_datetime, obtain_timestamp from paramecio2.libraries.formsutils import show_form, generate_csrf, set_extra_forms_user, pass_values_to_form from paramecio2.libraries.db.webmodel import WebModel -from paramecio2.modules.admin.models.admin import UserAdmin +from paramecio2.modules.admin.models.admin import UserAdmin, LoginTries from paramecio2.libraries.keyutils import create_key_encrypt, create_key from time import time import os, sys @@ -249,6 +250,8 @@ def login(): sendmail.send(config.portal_email, [arr_user['email']], I18n.lang('admin', 'code_for_complete_login', 'Code for complete login'), I18n.lang('admin', 'code_for_complete_login_explain', 'We send to you a code for activate your account using double authentication:')+"\n"+token_auth, content_type='plain', attachments=[]) + arr_update['last_login']=now() + if len(arr_update)>0: user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update) @@ -263,11 +266,15 @@ def login(): else: - - return {'error': 1, 'csrf_token': generate_csrf()} + + you_cannot_login=check_login_tries() + + return {'error': 1, 'you_cannot_login': you_cannot_login} else: - return {'error': 1, 'csrf_token': generate_csrf()} + you_cannot_login=check_login_tries() + + return {'error': 1, 'you_cannot_login': you_cannot_login} #if 
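Review bot: check_login_tries() is invoked only in the two failure branches visible here, after the credential check has already run, so the returned you_cannot_login flag changes nothing but the error message; a client that keeps guessing is still logged in the moment it submits the correct password and the lockout enforces nothing. The lockout state has to be consulted before the password comparison at the top of login() (which starts outside this hunk), and since check_login_tries() also increments the counter on every call, the helper should be split into a read-only "is this IP blocked" check that short-circuits with `return {'error': 1, 'you_cannot_login': 1}` and an increment that runs only on failure. The removed lines also returned a fresh `csrf_token` on failure and the new responses do not; if the login form consumes a per-attempt token, the next submission would presumably fail CSRF validation — confirm against the form handling.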
@@ -356,10 +363,16 @@ def auth_check(): user_admin=UserAdmin(g.connection) + user_admin.check_user=False + c=user_admin.set_conditions('WHERE id=%s AND token_auth=%s', [session['user_id'], code]).select_count() if c==1: + user_admin.safe_query() + + user_admin.set_conditions('WHERE id=%s', [session['user_id']]).update({'token_auth': ''}) + session['verify_auth']=True error=0 @@ -369,3 +382,41 @@ def auth_check(): def recovery_password(): return "" + +def check_login_tries(): + + logintries=LoginTries(g.connection) + + logintries.safe_query() + + if request.headers.getlist("X-Forwarded-For"): + ip=request.headers.getlist("X-Forwarded-For")[0] + else: + ip=request.remote_addr + + you_cannot_login=0 + + arr_try=logintries.set_conditions('WHERE ip=%s', [ip]).select_a_row_where() + + now_str=now() + date_now=format_local_strtime('YYYY-MM-DD HH:mm:ss', now_str) + + date_check=format_local_strtime('YYYY-MM-DD HH:mm:ss', timestamp_to_datetime(obtain_timestamp(now_str)-300)) + + logintries.query('delete from logintries where last_login<%s', [date_check]) + + if arr_try: + + if arr_try['num_tries']<5: + + logintries.query('update logintries set num_tries=num_tries+1, last_login=%s WHERE ip=%s', [date_now, ip]) + + else: + + you_cannot_login=1 + + else: + + logintries.query('insert into logintries (`ip`, `num_tries`, `last_login`) VALUES (%s, %s, %s)', [ip, 1, date_now]) + + return you_cannot_login diff --git a/paramecio2/modules/admin/models/admin.py b/paramecio2/modules/admin/models/admin.py index a748c6d..6b39303 100644 --- a/paramecio2/modules/admin/models/admin.py +++ b/paramecio2/modules/admin/models/admin.py 
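Review bot: The second-factor code is validated by the SQL equality `WHERE id=%s AND token_auth=%s` with no attempt limit, so an attacker who already has the password can submit codes indefinitely; with the backtick/`%s` dialect this is presumably MySQL, where the comparison runs under the column collation, typically case-insensitive and trailing-space-insensitive, which shrinks the effective keyspace below the token's. Fetch the stored token_auth for session['user_id'] and compare it in Python with `hmac.compare_digest(stored, code)`, and apply the same try counter this commit adds for passwords (plus an expiry on token_auth) — the origin of `code` and the rest of auth_check lie outside the hunk. Clearing token_auth after a successful check is right; the purpose of `user_admin.check_user=False` and `user_admin.safe_query()` is not visible here, so a one-line comment on why both must precede the count query would help the next reader.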
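Review bot: Keying the counter on the first `X-Forwarded-For` entry lets the client pick its own bucket: that header is attacker-supplied unless a trusted proxy overwrites it, so a brute-forcer can send a fresh value per request and never reach five tries, and can equally pre-fill the table under a victim's address to lock that address out. Use `ip = request.remote_addr` and let a configured reverse proxy (Werkzeug's ProxyFix with an explicit hop count) populate it, instead of reading the header in the view. Because the raw `insert into logintries ...` bypasses the model's IpField, the unvalidated header string also lands in the `ip` column; the parametrized queries prevent injection but not garbage rows. Minor: the read-then-`update logintries set num_tries=num_tries+1` is not atomic across concurrent requests, and the blocked branch never refreshes last_login, so the window is 300 s from the fifth failure rather than from the last attempt — spell out the intended policy in a docstring on check_login_tries.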
@@ -7,6 +7,8 @@ from paramecio2.libraries.db import corefields from paramecio2.libraries.db.extrafields.emailfield import EmailField from paramecio2.libraries.db.extrafields.passwordfield import PasswordField from paramecio2.libraries.db.extrafields.langfield import LangField +from paramecio2.libraries.db.extrafields.datetimefield import DateTimeField +from paramecio2.libraries.db.extrafields.ipfield import IpField class PrivilegesField(corefields.IntegerField): @@ -92,8 +94,21 @@ class UserAdmin(UserModel): self.register(corefields.BooleanField('double_auth')) - self.register(corefields.IntegerField('num_tries', 1)) + #self.register(corefields.IntegerField('num_tries', 1)) + self.register(DateTimeField('last_login')) + +class LoginTries(UserModel): + + #def create_fields(self): + def __init__(self, connection=None): + + super().__init__(connection) + self.register(IpField('ip')) + self.register(corefields.IntegerField('num_tries', 1)) + self.register(DateTimeField('last_login')) + + """ user_admin=WebModel('user_admin') diff --git a/paramecio2/modules/admin/templates/login.phtml b/paramecio2/modules/admin/templates/login.phtml index 4ee5ce7..26b0654 100644 --- a/paramecio2/modules/admin/templates/login.phtml +++ b/paramecio2/modules/admin/templates/login.phtml @@ -60,7 +60,21 @@ $('#username_error').html("${lang('common', 'error_disabled', 'Error, your user is disabled, you need support of web administration')}"); - } else { + } if(data.hasOwnProperty('you_cannot_login')) { + + if(data.you_cannot_login) { + + $('#username_error').html("${lang('common', 'error_tries_disabled', 'Error, excessive tries, wait some minutes for login again')}"); + + } + else { + + $('#username_error').html("${lang('common', 'error_login', 'Error, wrong username or password')}"); + + } + + } + else { $('#username_error').html("${lang('common', 'error_login', 'Error, wrong username or password')}");
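Review bot: LoginTries subclasses UserModel, so the logintries table presumably inherits the user-account columns defined outside this hunk that a per-IP counter has no use for, and its fields are registered in `__init__` while the commented `#def create_fields(self):` hints that WebModel may expect a hook method; confirm which one the base class calls, or the fields may be registered twice or not at all. The raw queries in app.py hard-code the table name `logintries`, so if WebModel derives the table name from the class differently the model and the SQL will silently diverge; a comment such as `# table name must match the raw SQL in app.check_login_tries` on the class would tie the two together. Remove the dead `#self.register(corefields.IntegerField('num_tries', 1))` line rather than leaving commented-out code in UserAdmin.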
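Review bot: The first added line, `} if(data.hasOwnProperty('you_cannot_login')) {`, replaced an `} else {`, so the new check is no longer part of the if/else chain: after the preceding branch writes the "user is disabled" message, this block still runs and, whenever the response also carries you_cannot_login, overwrites that message with the generic login error or the tries message. Chain it with `} else if(data.hasOwnProperty('you_cannot_login')) {`. The surrounding callback starts and ends outside this hunk, so the other branches of the chain could not be checked here.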