I was playing around with James Socol’s django-ratelimit tonight. It provides a decorator to rate-limit view functions. Very nice! I wanted to use it for login blocking, and some minor changes helped this out. My forked version of django-ratelimit is available on GitHub. It adds a message when a call is blocked and the ability to clear the count for a given user.
Adding it to django-userena sign-in was as simple as:
```python
from ratelimit.decorators import ratelimit, clear

@ratelimit(field='identification', rate="5/m", method="POST", block=True,
           error_message="You have too many invalid login attempts. Please try again later")
@secure_required
def signin(request, auth_form=AuthenticationForm,.....
    .
    .
    .
    # after successful login
    clear(request, field='identification')  ### clear rate limiting
```
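To show how a `5/m` limit keyed on the `identification` field and a clear-on-success call interact, here is an added example (not code from django-ratelimit or the fork): a minimal in-memory fixed-window limiter. The names `FieldRateLimiter` and `simulate_signin`, the case-insensitive key, and blocking from the attempt after the limit are assumptions of this example.

```python
import time


class FieldRateLimiter:
    """Fixed-window attempt counter keyed on a submitted form field value."""
    _PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

    def __init__(self, rate, clock=time.time):
        count, period = rate.split("/")        # e.g. "5/m" -> 5 per 60 s
        self.limit = int(count)
        self.window = self._PERIODS[period]
        self.clock = clock                     # injectable so tests can move time
        self._hits = {}                        # key -> (window_start, count)

    @staticmethod
    def _key(value):
        # Assumption: normalise so "Alice" and "alice " share one counter.
        return value.strip().lower()

    def hit(self, value):
        """Record one attempt; return True if it must be blocked."""
        key, now = self._key(value), self.clock()
        start, count = self._hits.get(key, (now, 0))
        if now - start >= self.window:         # window expired: start a new one
            start, count = now, 0
        count += 1
        self._hits[key] = (start, count)
        return count > self.limit

    def clear(self, value):
        """Forget the counter, as done after a successful login."""
        self._hits.pop(self._key(value), None)


def simulate_signin(limiter, attempts, real_password):
    """attempts: (identification, password) pairs; returns one outcome each."""
    outcomes = []
    for ident, password in attempts:
        if limiter.hit(ident):                 # limiter runs before the view body
            outcomes.append("blocked")
        elif password == real_password:
            limiter.clear(ident)               # success resets the count
            outcomes.append("ok")
        else:
            outcomes.append("invalid")
    return outcomes
```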