app_settings: enable login rate limiting by default (#50771)

2021-02-24 11:01:57 +01:00 · 2021-02-24 11:01:57 +01:00 · 2f42606265
parent 8a543226bf
commit 2f42606265
2 changed files with 3 additions and 2 deletions
--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@ -267,8 +267,8 @@ default_settings = dict(
        definition='exponential backoff factor duration as seconds until '
        'next try after a login failure'),
    A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION=Setting(
-        default=0,
-        definition='exponential backoff base factor duration as secondss '
+        default=1,
+        definition='exponential backoff base factor duration as seconds '
        'until next try after a login failure'),
    A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MAX_DURATION=Setting(
        default=3600,
--- a/tests/test_login.py
+++ b/tests/test_login.py
@ -113,6 +113,7 @@ def test_redirect_login_to_homepage(db, app, settings, simple_user, superuser):


 def test_exponential_backoff(db, app, settings):
+    settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION = 0
    response = app.get('/login/')
    response.form.set('username', '')
    response.form.set('password', 'zozo')