From: dbs
Date: Fri, 9 Apr 2010 03:32:58 +0000 (+0000)
Subject: Implement some password request throttling
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=7682c8f622017f441b07e6fe5b0bcd6f782078a6;p=working%2FEvergreen.git
Implement some password request throttling
git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_1_6@16189 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index 4fb98c1c3e..ccf961612a 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -3409,6 +3409,10 @@ sub _reset_password_request {
 { column => 'uuid', transform => 'COUNT'
+ },
+ {
+ column => 'request_time',
+ transform => 'MAX'
 } ] },
@@ -3418,8 +3422,16 @@ sub _reset_password_request {
 } });
+ my $last_request = DateTime::Format::ISO8601->parse_datetime(clense_ISO8601($active_requests->[0]->{'request_time'}));
+ my $now = DateTime::Format::ISO8601->new();
+
 # 3. if (num_active > throttle_threshold) and (now - last_request < 1 minute)
- # ... delay - set cache - return event correspondingly ...
+ if (($active_requests->[0]->{'usr'} > $aupr_throttle) &&
+ ($last_request->add_duration('1 minute') > $now)) {
+ $cache->put_cache('open-ils.actor.password.throttle', DateTime::Format::ISO8601->new(), 60);
+ $e->die_event;
+ return OpenILS::Event->new('PATRON_TOO_MANY_ACTIVE_PASSWORD_RESET_REQUESTS');
+ }
 # TODO Check to see if the user is in a password-reset-restricted group
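Review bot: `my $now = DateTime::Format::ISO8601->new();` constructs a parser object rather than the current time, so the `>` two lines below compares a DateTime against a non-DateTime, `add_duration('1 minute')` passes a string where DateTime expects a DateTime::Duration, and the same parser object is what gets stored under the throttle cache key — the throttle branch cannot evaluate cleanly as written. Assuming DateTime is already loaded (DateTime::Format::ISO8601 depends on it), the three lines should read `my $now = DateTime->now();`, `($last_request->clone->add(minutes => 1) > $now)) {` and `$cache->put_cache('open-ils.actor.password.throttle', $now->epoch, 60);`. The COUNT column visible in the query above is `uuid`, so `$active_requests->[0]->{'usr'}` is presumably undef unless an alias is set outside this hunk; worth confirming, because an undef count compares false and the throttle would then never trip. `_reset_password_request` starts before and continues past this hunk.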
@@ -3490,6 +3502,11 @@ sub commit_password_reset {
 # Check to see if password reset requests are already being throttled:
 # 0. Check cache to see if we're in throttle mode (avoid hitting database)
+ $cache ||= OpenSRF::Utils::Cache->new("global", 0);
+ my $throttle = $cache->get_cache('open-ils.actor.password.throttle') || undef;
+ if ($throttle) {
+ return OpenILS::Event->new('PATRON_NOT_AN_ACTIVE_PASSWORD_RESET_REQUEST');
+ }
 my $e = new_editor(xact => 1);
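Review bot: The flag read here lives in the "global" cache under a key with no patron or client component, so once any client pushes the active-request count past the threshold every patron's reset commit is refused for the 60-second TTL, and as far as this hunk shows the flag is re-armed by each further request that trips the condition — a cheap way to deny password recovery to all users, including those legitimately mid-flow. Consider scoping the throttle per patron or per client address, or at minimum logging when the flag is honoured, and state the trade-off above the check: `# Global throttle: one flood blocks every commit for 60s; accepted to protect the DB`. Returning `PATRON_NOT_AN_ACTIVE_PASSWORD_RESET_REQUEST` also reports a throttled commit as an invalid token, while the request side uses `PATRON_TOO_MANY_ACTIVE_PASSWORD_RESET_REQUESTS`; and the `|| undef` on the `get_cache` line is a no-op. `commit_password_reset` continues past this hunk.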