Merge pull request #3055 from jumpserver/dev_login

[Update] 用户登录失败次数提示

Merge pull request #3055 from jumpserver/dev_login
[Update] 用户登录失败次数提示
9ab6c586 · BaiJiangJie · GitHub · bb235f3e · 3d9c0a21 · 9ab6c586
Unverified Commit 9ab6c586 authored Jul 30, 2019 by BaiJiangJie Committed by GitHub Jul 30, 2019
7 changed files
--- a/apps/authentication/forms.py
+++ b/apps/authentication/forms.py
@@ -5,6 +5,8 @@ from django import forms
 from django.contrib.auth.forms import AuthenticationForm
 from django.utils.translation import gettext_lazy as _
 from captcha.fields import CaptchaField
+from django.conf import settings
+from users.utils import get_login_failed_count


 class UserLoginForm(AuthenticationForm):
@@ -16,10 +18,18 @@ class UserLoginForm(AuthenticationForm):

    error_messages = {
        'invalid_login': _(
-            "Please enter a correct username and password. Note that both "
-            "fields may be case-sensitive."
+            "The username or password you entered is incorrect, "
+            "please enter it again."
        ),
        'inactive': _("This account is inactive."),
+        'limit_login': _(
+            "You can also try {times_try} times "
+            "(The account will be temporarily locked for {block_time} minutes)"
+        ),
+        'block_login': _(
+            "The account has been locked "
+            "(please contact admin to unlock it or try again after {} minutes)"
+        )
    }

    def confirm_login_allowed(self, user):
@@ -28,6 +38,25 @@ class UserLoginForm(AuthenticationForm):
                self.error_messages['inactive'],
                code='inactive',)

+    def get_limit_login_error_message(self, username, ip):
+        times_up = settings.SECURITY_LOGIN_LIMIT_COUNT
+        times_failed = get_login_failed_count(username, ip)
+        times_try = int(times_up) - int(times_failed)
+        block_time = settings.SECURITY_LOGIN_LIMIT_TIME
+        if times_try <= 0:
+            error_message = self.error_messages['block_login']
+            error_message = error_message.format(block_time)
+        else:
+            error_message = self.error_messages['limit_login']
+            error_message = error_message.format(
+                times_try=times_try, block_time=block_time,
+            )
+        return error_message
+
+    def add_limit_login_error(self, username, ip):
+        error = self.get_limit_login_error_message(username, ip)
+        self.add_error('password', error)
+

 class UserLoginCaptchaForm(UserLoginForm):
    captcha = CaptchaField()

--- a/apps/authentication/templates/authentication/login.html
+++ b/apps/authentication/templates/authentication/login.html
@@ -58,6 +58,7 @@
                            {% else %}
                                <p class="red-fonts">{{ form.non_field_errors.as_text }}</p>
                            {% endif %}
+                            <p class="red-fonts">{{ form.errors.password.as_text }}</p>
                        {% endif %}

                        <div class="form-group">
@@ -78,10 +79,11 @@
                        {% endif %}

                        <div class="text-muted text-center">
-                        <div>
-                            <a href="{% url 'users:forgot-password' %}">
-                                <small>{% trans 'Forgot password' %}?</small>
-                            </a>
+                            <div>
+                                <a href="{% url 'users:forgot-password' %}">
+                                    <small>{% trans 'Forgot password' %}?</small>
+                                </a>
+                            </div>
                        </div>

                        {% if AUTH_OPENID %}

--- a/apps/authentication/templates/authentication/new_login.html
+++ b/apps/authentication/templates/authentication/new_login.html
@@ -72,9 +72,10 @@
                            <div class="contact-form col-md-10" style="margin-top: 10px;height: 35px">
                                <form id="contact-form" action="" method="post" role="form" novalidate="novalidate">
                                    {% csrf_token %}
-                                    <div style="height: 45px;color: red;line-height: 17px;">
+                                    <div style="height: 70px;color: red;line-height: 17px;">
                                        {% if block_login %}
                                            <p class="red-fonts">{% trans 'Log in frequently and try again later' %}</p>
+                                            <p class="red-fonts">{{ form.errors.password.as_text }}</p>
                                        {% elif password_expired %}
                                            <p class="red-fonts">{% trans 'The user password has expired' %}</p>
                                        {% elif form.errors %}
@@ -83,6 +84,7 @@
                                            {% else %}
                                                <p class="red-fonts">{{ form.non_field_errors.as_text }}</p>
                                            {% endif %}
+                                            <p class="red-fonts">{{ form.errors.password.as_text }}</p>
                                        {% endif %}
                                    </div>


--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -100,6 +100,7 @@ class UserLoginView(FormView):
        # limit user login failed count
        ip = get_request_ip(self.request)
        increase_login_failed_count(username, ip)
+        form.add_limit_login_error(username, ip)
        # show captcha
        cache.set(self.key_prefix_captcha.format(ip), 1, 3600)
        self.send_auth_signal(success=False, username=username, reason=reason)

--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -299,6 +299,12 @@ def increase_login_failed_count(username, ip):
    cache.set(key_limit, count, int(limit_time)*60)


+def get_login_failed_count(username, ip):
+    key_limit = key_prefix_limit.format(username, ip)
+    count = cache.get(key_limit, 0)
+    return count
+
+
 def clean_failed_count(username, ip):
    key_limit = key_prefix_limit.format(username, ip)
    key_block = key_prefix_block.format(username)
@@ -307,9 +313,8 @@ def clean_failed_count(username, ip):


 def is_block_login(username, ip):
-    key_limit = key_prefix_limit.format(username, ip)
+    count = get_login_failed_count(username, ip)
    key_block = key_prefix_block.format(username)
-    count = cache.get(key_limit, 0)

    limit_count = settings.SECURITY_LOGIN_LIMIT_COUNT
    limit_time = settings.SECURITY_LOGIN_LIMIT_TIME