Browse Source
Merge pull request #1258 from Tecnativa/9.0-auth_brute_force
[FIX] auth_brute_force: Avoid storing false login attempts
pull/1274/head
Pedro M. Baeza
7 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with
2 additions and
7 deletions
-
auth_brute_force/__openerp__.py
-
auth_brute_force/models/res_authentication_attempt.py
-
auth_brute_force/models/res_users.py
-
auth_brute_force/views/action.xml
|
|
@ -4,7 +4,7 @@ |
|
|
|
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). |
|
|
|
{ |
|
|
|
'name': 'Authentification - Brute-Force Filter', |
|
|
|
'version': '9.0.1.0.0', |
|
|
|
'version': '9.0.1.1.0', |
|
|
|
'category': 'Tools', |
|
|
|
'summary': "Track Authentication Attempts and Prevent Brute-force Attacks", |
|
|
|
'author': "GRAP, " |
|
|
|
|
|
@ -30,7 +30,6 @@ class ResAuthenticationAttempt(models.Model): |
|
|
|
remote_metadata = fields.Text( |
|
|
|
string="Remote IP metadata", |
|
|
|
compute='_compute_metadata', |
|
|
|
store=True, |
|
|
|
help="Metadata publicly available for remote IP", |
|
|
|
) |
|
|
|
whitelisted = fields.Boolean( |
|
|
|
|
|
@ -120,10 +120,6 @@ class ResUsers(models.Model): |
|
|
|
db, login, password, user_agent_env), |
|
|
|
) |
|
|
|
|
|
|
|
def check(self, db, uid, passwd): |
|
|
|
with self._auth_attempt(uid): |
|
|
|
return super(ResUsers, self).check(db, uid, passwd) |
|
|
|
|
|
|
|
@api.model |
|
|
|
def check_credentials(self, password): |
|
|
|
"""This is the most important and specific auth check method. |
|
|
|
|
|
@ -7,7 +7,7 @@ |
|
|
|
<field name="name">Authentication Attempts</field> |
|
|
|
<field name="res_model">res.authentication.attempt</field> |
|
|
|
<field name="view_type">form</field> |
|
|
|
<field name="view_mode">tree,graph</field> |
|
|
|
<field name="view_mode">tree,form,graph</field> |
|
|
|
<field name="context">{"search_default_filter_no_success":1}</field> |
|
|
|
</record> |
|
|
|
|
|
|
|