djblets.auth.ratelimit¶

Utilities for rate-limiting login attempts.

RATE_LIMIT_LOGIN = 0[source]¶

Available rate limit categories.

DEFAULT_LOGIN_LIMIT_RATE = '5/m'[source]¶

The default rate limit for logins.

DEFAULT_API_ANONYMOUS_LIMIT_RATE = '1000/h'[source]¶

The default rate limit for anonymous API requests.

DEFAULT_API_AUTHENTICATED_LIMIT_RATE = '10000/h'[source]¶

The default rate limit for authenticated API requests.

get_user_id_or_ip(request)[source]¶

Return the user’s ID or IP address from the given HTTP request.

Parameters

request (django.http.HttpRequest) – The HTTP request from the client.

Returns

If the user is authenticated, the user ID will be returned. Otherwise, the IP address of the client is returned instead.

Return type

unicode

is_ratelimited(request, increment=False, limit_type=0)[source]¶

Check whether the user or IP address has exceeded the rate limit.

The parameters are used to create a new key or fetch an existing key to save or update to the cache and to determine the amount of time period left.

Parameters

• request (django.http.HttpRequest) – The HTTP request from the client.

• increment (bool, optional) – Whether the number of login attempts should be incremented.

• limit_type (int, optional) – The type of rate limit to check.

Returns

Whether the current user has exceeded the rate limit of login attempts.

Return type

bool

get_usage_count(request, increment=False, limit_type=0)[source]¶

Return rate limit status for a given user or IP address.

This method performs validation checks on the input parameters and creates the cache key to keep track of the number of login attempts made by the user. It saves the new cache key and initial number of attempts or updates the existing cache key and number of attempts before returning the count, limit, and time_left.

Parameters

• request (django.http.HttpRequest) – The HTTP request from the client.

• increment (bool, optional) – Whether the number of login attempts should be incremented.

• limit_type (int, optional) – The type of rate limit to check.

Returns

A dictionary with the following keys:

count (int):

The number of login attempts made.

limit (int):

The number of attempts allowed.

time_left (int):

The time left before rate limit is over.

Return type

dict

class Rate(count, seconds)[source]¶

A rate representing login attempt frequency.

The main functionality of this class is found in the parse() function. This class converts a rate into a Rate object, which contains the number of login attempts allowed within a time period based on a given rate string.

RATE_RE = re.compile('(\\d+)/(\\d*)([smhd])?')[source]¶

Regular expression that interprets the rate string.

classmethod parse(rate_str)[source]¶

Return a Rate parsed from the given rate string.

Converts the given rate string into a Rate object, which contains the number of login attempts allowed (count) and the time period alotted for these attempts (seconds).

Parameters

rate (unicode) – The number of attempts allowed within a period of time (can be seconds, minutes, hours, or days).

Returns

A Rate object that returns the number of login attempts allowed (count), and the total time period for these attempts (seconds).

Return type

Rate