Needed a way to lock a user account on three failed attempts. I started off
by doing the following...
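    def checkuser(form=None):
        # login_onfail callback: count one more failed attempt for this username
        a = request.vars.username
        b = db(db.auth_user.username == str(a)).select().first()
        if b is not None:
            b.update_record(Attempts=b.Attempts + 1)

    def loginonval(form):
        # login_onvalidation callback: refuse the login once the account is locked
        a = form.vars.username
        b = db(db.auth_user.username == str(a)).select().first()
        session.leetspeak = 1337
        if b is not None and b.Attempts > 2:
            redirect(URL('default', 'accountlock'))

    # Register the callbacks themselves; writing checkuser() would run it right here
    auth.settings.login_onfail = [checkuser]
    auth.settings.login_onvalidation = [lambda form: loginonval(form)]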
Also, in the onaccept callback for login I update the value back to 0. My issue is
finding out where the logic for locking someone out should be placed. The
above works fine I guess but I'm wondering if this is best practice.
Secondly, I was shocked this feature didn't already exist within web2py,
which led me to believe that 9/10 there is a security reason. Are there
any concerns that I should be worried about?
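The three-strikes flow from the post (check the lock before validating, count on failure, reset on success) collapsed into one function, as an added example that is not part of the original post and is not web2py code. It uses a constructed sqlite3 table standing in for auth_user; the column names and the functions make_db, add_user and login are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_ATTEMPTS = 3  # threshold from the post: locked once three failures are recorded

def make_db():
    # Constructed stand-in for auth_user; column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user (username TEXT PRIMARY KEY, "
               "salt BLOB, pwhash BLOB, attempts INTEGER NOT NULL DEFAULT 0)")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO auth_user (username, salt, pwhash) VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))

def login(db, username, password):
    """Return 'ok', 'locked' or 'invalid'."""
    row = db.execute("SELECT salt, pwhash, attempts FROM auth_user "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        # Unknown user: nothing to count; answer like any other bad login.
        return "invalid"
    salt, pwhash, attempts = row
    if attempts >= MAX_ATTEMPTS:
        # Checked before the password, so a locked account stays locked
        # even when the correct password is supplied.
        return "locked"
    if hmac.compare_digest(_hash(password, salt), pwhash):
        # Successful login: reset the counter (the post's onaccept step).
        db.execute("UPDATE auth_user SET attempts = 0 WHERE username = ?",
                   (username,))
        return "ok"
    # Single UPDATE: the increment happens in the database, so two
    # concurrent failures cannot both read N and both write N + 1.
    db.execute("UPDATE auth_user SET attempts = attempts + 1 "
               "WHERE username = ?", (username,))
    return "invalid"
```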