This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 1fb4289 Set a limit for phone verification attempts
1fb4289 is described below
commit 1fb428954dc2e7ccabca2556a94b5025e55038b8
Author: Guillermo Cruz <[email protected]>
AuthorDate: Thu Apr 15 15:06:48 2021 -0600
Set a limit for phone verification attempts
---
Allura/allura/lib/plugin.py | 9 +++++++++
Allura/allura/tests/test_plugin.py | 25 +++++++++++++++++++++++++
Allura/development.ini | 1 +
3 files changed, 35 insertions(+)
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 86806ee..b257198 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -910,6 +910,15 @@ class ProjectRegistrationProvider(object):
if not allow_reuse and
M.User.query.find({'tool_data.phone_verification.number_hash':
number_hash}).count():
return {'status': 'error',
'error': 'That phone number has already been used.'}
+ count = user.get_tool_data('phone_verification', 'count') or 0
+ attempt_limit = config.get('phone.attempts_limit', '5')
+ if count == int(attempt_limit):
+ msg = 'Maximum phone verification attempts reached.'
+ h.auditlog_user(msg, user=user)
+ return {'status': 'error',
+ 'error': msg
+ }
+ user.set_tool_data('phone_verification', count=count + 1)
log.info('PhoneService going to send a verification for: %s',
user.username)
return g.phone_service.verify(number)
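Review bot: The guard `if count == int(attempt_limit):` only fires when the stored count is exactly equal to the limit, so a user whose count is already above it (for example after `phone.attempts_limit` is lowered in the config) is never blocked; it should read `if count >= int(attempt_limit):`. The counter is read with `get_tool_data` and written back with `set_tool_data` as two separate steps, so parallel requests can each pass the check on the same stored value and send more verifications than the limit allows; an atomic increment would close that gap. Nothing in this hunk resets the count, so unless that happens elsewhere the lockout is permanent per user, which is worth stating in a comment. The body of `verify_phone` starts outside the hunk.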
diff --git a/Allura/allura/tests/test_plugin.py
b/Allura/allura/tests/test_plugin.py
index f7d8960..07254a6 100644
--- a/Allura/allura/tests/test_plugin.py
+++ b/Allura/allura/tests/test_plugin.py
@@ -167,6 +167,7 @@ class
TestProjectRegistrationProviderPhoneVerification(object):
self.user = UserMock()
self.nbhd = MagicMock()
+
def test_phone_verified_disabled(self):
with h.push_config(tg.config, **{'project.verify_phone': 'false'}):
assert_true(self.p.phone_verified(self.user, self.nbhd))
@@ -251,6 +252,30 @@ class
TestProjectRegistrationProviderPhoneVerification(object):
audit.assert_called_once_with(
'Phone verification succeeded. Hash: hash', user=self.user)
+ @patch.object(plugin, 'g')
+ def test_verify_phone_max_limit_not_reached(self, g):
+ g.phone_service = Mock(spec=phone.PhoneService)
+ user = UserMock()
+ user.is_anonymous = lambda: True
+ with h.push_config(tg.config, **{'project.verify_phone': 'true',
'phone.attempts_limit': '5'}):
+ for i in range(1, 3):
+ result = self.p.verify_phone(user, '123 45 45')
+ assert_equal(result, g.phone_service.verify.return_value)
+ assert_equal(2, g.phone_service.verify.call_count)
+
+ @patch.object(plugin, 'g')
+ def test_verify_phone_max_limit_reached(self, g):
+ g.phone_service = Mock(spec=phone.PhoneService)
+ user = UserMock()
+ user.is_anonymous = lambda: True
+ with h.push_config(tg.config, **{'project.verify_phone': 'true',
'phone.attempts_limit': '5'}):
+ for i in range(1, 7):
+ result = self.p.verify_phone(user, '123 45 45')
+ if i > 5:
+ assert_equal(result, {'status': 'error', 'error': 'Maximum
phone verification attempts reached.'})
+ else:
+ assert_equal(result, g.phone_service.verify.return_value)
+ assert_equal(5, g.phone_service.verify.call_count)
class TestThemeProvider(object):
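Review bot: `test_verify_phone_max_limit_reached` asserts the returned error dict but not that the refusal is written to the audit log, which is the record an operator would use to notice repeated verification attempts. If `h.auditlog_user` is patched the way the preceding test appears to do (its `audit.assert_called_once_with(...)` is visible above), adding `audit.assert_called_once_with('Maximum phone verification attempts reached.', user=user)` would pin that behaviour. Both new tests also only walk the counter up one call at a time from zero; a case that starts from a stored count above the limit is not covered.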
diff --git a/Allura/development.ini b/Allura/development.ini
index 3d21fd4..6f4a084 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -272,6 +272,7 @@ spam.form_post_expiration = 345600
; phone.api_secret =
; Language to use, if provider supports it. Values for Nexmo Verify:
https://docs.nexmo.com/index.php/verify#localization
; phone.lang = en-us
+phone.attempts_limit = 5
; Use phone verification on project registration (false by default)
; project.verify_phone = true
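Review bot: `phone.attempts_limit = 5` is added without a describing comment, unlike the neighbouring settings in this block, so an operator cannot tell from the file what is being counted or over what scope. A line such as `; Maximum number of phone verification attempts allowed per user (default: 5)` above it would document it; per the plugin.py hunk in this commit the count is kept per user and the default when the key is absent is also 5.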