I was playing around with James Socol’s django-ratelimit tonight. It provides a decorator to rate-limit view functions. Very nice! I wanted to use it for login blocking, and some minor changes helped this out. My forked version of django-ratelimit is available on GitHub. It adds a message when a call is blocked and the ability to clear the count for a given user.
Adding it to django-userena sign-in was as simple as this, in userena/views.py:

from ratelimit.decorators import ratelimit, clear

@ratelimit(field='identification', rate="5/m", method="POST", block=True,
           error_message="You have too many invalid login attempts. Please try again later")
@secure_required
def signin(request, auth_form=AuthenticationForm,.....
    .
    .
    .
    # after successful login
    clear(request, field='identification')  # clear rate limiting
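
A stand-alone model of the behaviour configured above (5 POSTs per minute keyed on the identification field, counter cleared after a successful login). This is an added example, not code from django-ratelimit or the fork; the class, the key format, the identifier normalisation and the in-memory store are assumptions made for illustration.

```python
import hashlib
import time


class LoginRateLimiter:
    """Fixed-window counter keyed on the submitted login identifier."""

    def __init__(self, limit=5, period=60, clock=None):
        self.limit = limit              # "5/m" -> 5 attempts ...
        self.period = period            # ... per 60 seconds
        self.clock = clock or time.time
        self._counts = {}               # key -> (window_start, count)

    def _key(self, identification):
        # Normalise so "Alice " and "alice" share one bucket, then hash so
        # user-supplied text never becomes a raw cache key (assumed format).
        norm = identification.strip().lower().encode("utf-8")
        return "field:identification:" + hashlib.sha256(norm).hexdigest()

    def hit(self, identification):
        """Count one POST; return True if allowed, False if blocked."""
        key, now = self._key(identification), self.clock()
        start, count = self._counts.get(key, (now, 0))
        if now - start >= self.period:  # window expired, start a new one
            start, count = now, 0
        count += 1
        self._counts[key] = (start, count)
        return count <= self.limit

    def clear(self, identification):
        """Reset the counter, as the view does after a successful login."""
        self._counts.pop(self._key(identification), None)


def simulate(attempts, limiter):
    """attempts: constructed list of (identification, password_ok) pairs."""
    outcomes = []
    for ident, password_ok in attempts:
        if not limiter.hit(ident):      # the limiter runs before the view
            outcomes.append("blocked")
        elif password_ok:
            limiter.clear(ident)        # success wipes earlier failures
            outcomes.append("ok")
        else:
            outcomes.append("invalid")
    return outcomes
```

In this model the sixth POST inside the window is refused even when the password is correct, because the counter is checked before authentication; only a login that gets through resets it.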