Copyright 2010 Canonical Ltd.  This software is licensed under the
GNU Affero General Public License version 3 (see the file LICENSE).

Rate limiting is enforced only on POST requests to the login screen, on
a per-username, per-IP basis.

There are two settings that control the rate at which you can submit
requests: no more than LOGIN_LIMIT_REQUESTS requests can be submitted every
LOGIN_LIMIT_MINUTES minutes.

So, first, let's find out what our request limit is:

    >>> from django.conf import settings
    >>> limit = getattr(settings, 'LOGIN_LIMIT_REQUESTS', 20)

Now, we should be able to submit the login form that many times without
trouble:

    >>> browser.open('http://openid.launchpad.dev/')
    >>> for i in range(limit):
    ...     browser.getControl(name='email').value = 'something@example.com'
    ...     browser.getControl(name='password').value = 'wrong'
    ...     browser.getControl(name='continue').click()
    >>> print browser.headers['status']

But on the next request, it should fail:

    >>> browser.getControl(name='email').value = 'something@example.com'
    >>> browser.getControl(name='password').value = 'wrong'
    >>> browser.getControl(name='continue').click()
    Traceback (most recent call last):
    HTTPError: HTTP Error 403: FORBIDDEN

This shouldn't prevent us from logging in as a different user:

    >>> browser.open('http://openid.launchpad.dev/')
    >>> browser.getControl(name='email').value = 'test@canonical.com'
    >>> browser.getControl(name='password').value = 'test'
    >>> browser.getControl(name='continue').click()
    >>> print browser.title
    Sample Person's details
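
The behaviour this doctest checks, sketched as an added example that is not
the project's own code: a fixed-window counter keyed on (username, IP). The
class and function names, the fixed-window scheme, the in-memory dict, the
2-minute default and the sample addresses are assumptions.

```python
import time


class LoginRateLimiter:
    """Fixed-window attempt counter keyed on (username, IP); hypothetical helper."""

    def __init__(self, limit_requests=20, limit_minutes=2, clock=time.time):
        self.limit = limit_requests          # LOGIN_LIMIT_REQUESTS (20 is the doctest fallback)
        self.window = limit_minutes * 60     # LOGIN_LIMIT_MINUTES in seconds (2 is assumed)
        self.clock = clock                   # injectable so tests can move time
        self._counters = {}                  # (username, ip) -> [window_start, count]

    def allow(self, method, username, ip):
        """Return True to process the request, False to answer 403."""
        if method != "POST":                 # only login POSTs are counted
            return True
        # Assumption: normalise the name so case variants share one counter.
        key = (username.strip().lower(), ip)
        now = self.clock()
        entry = self._counters.get(key)
        if entry is None or now - entry[0] >= self.window:
            entry = self._counters[key] = [now, 0]   # start a fresh window
        entry[1] += 1
        return entry[1] <= self.limit


def demo():
    """Replay constructed login traffic mirroring the doctest above."""
    now = [0.0]                              # fake clock, advanced by hand
    limiter = LoginRateLimiter(limit_requests=3, limit_minutes=2,
                               clock=lambda: now[0])
    ip = "192.0.2.10"                        # constructed address (TEST-NET-1)
    results = {
        "within_limit": [limiter.allow("POST", "something@example.com", ip)
                         for _ in range(3)],
        "next_request": limiter.allow("POST", "something@example.com", ip),
        "get_request": limiter.allow("GET", "something@example.com", ip),
        "other_user": limiter.allow("POST", "test@canonical.com", ip),
        "other_ip": limiter.allow("POST", "something@example.com", "192.0.2.11"),
    }
    now[0] += 2 * 60                         # the window elapses
    results["after_window"] = limiter.allow("POST", "something@example.com", ip)
    return results


if __name__ == "__main__":
    print(demo())
```

The key combines username and IP, so this limiter alone does not cap the
total attempts against one account across addresses; an additional
per-username counter covers that.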