fix rate limit for MFA setup endpoint
dantownsend committed Aug 20, 2024
1 parent 6672ef9 commit 5299d87
Showing 2 changed files with 25 additions and 17 deletions.
32 changes: 19 additions & 13 deletions piccolo_admin/endpoints.py
Expand Up @@ -433,7 +433,7 @@ def __init__(
allowed_hosts: t.Sequence[str] = [],
debug: bool = False,
sidebar_links: t.Dict[str, str] = {},
mfa_provider: t.Optional[MFAProvider] = None,
mfa_providers: t.Optional[t.Sequence[MFAProvider]] = None,
) -> None:
super().__init__(
title=site_name,
Expand Down Expand Up @@ -690,17 +690,23 @@ def __init__(
#######################################################################
# MFA

if mfa_provider:
private_app.mount(
path="/mfa-setup/",
app=RateLimitingMiddleware(
app=mfa_setup(
provider=mfa_provider,
auth_table=self.auth_table,
if mfa_providers:
if len(mfa_providers) > 1:
raise ValueError(
"Only a single mfa_provider is currently supported."
)

for mfa_provider in mfa_providers:
private_app.mount(
path="/mfa-setup/",
app=RateLimitingMiddleware(
app=mfa_setup(
provider=mfa_provider,
auth_table=self.auth_table,
),
provider=InMemoryLimitProvider(limit=5, timespan=300),
),
provider=rate_limit_provider,
),
)
)

#######################################################################

Expand Down Expand Up @@ -1106,7 +1112,7 @@ def create_admin(
allowed_hosts: t.Sequence[str] = [],
debug: bool = False,
sidebar_links: t.Dict[str, str] = {},
mfa_provider: t.Optional[MFAProvider] = None,
mfa_providers: t.Optional[t.Sequence[MFAProvider]] = None,
):
"""
:param tables:
Expand Down Expand Up @@ -1273,5 +1279,5 @@ def create_admin(
allowed_hosts=allowed_hosts,
debug=debug,
sidebar_links=sidebar_links,
mfa_provider=mfa_provider,
mfa_providers=mfa_providers,
)
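Review bot: The dedicated limiter added on the `/mfa-setup/` mount, `InMemoryLimitProvider(limit=5, timespan=300)`, is hard-coded and no longer follows the `rate_limit_provider` that the removed line passed, so if that provider is caller-supplied, an operator who configured a shared or tuned backend loses control over this endpoint. Because the counter lives in process memory, each worker presumably keeps its own budget and a restart clears it, which makes the effective limit a multiple of five on multi-worker deployments. No `block_duration` is passed; if piccolo_api's provider then keeps a client blocked until the process restarts (worth confirming), five requests in five minutes could lock an admin out of MFA enrolment, so I would set it explicitly, e.g. `provider=InMemoryLimitProvider(limit=5, timespan=300, block_duration=300),`, or expose the provider as a constructor argument. A short comment above the mount saying why this endpoint gets its own limiter instead of `rate_limit_provider` would help the next reader. `__init__` begins and ends outside the visible hunks.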
10 changes: 6 additions & 4 deletions piccolo_admin/example.py
Expand Up @@ -616,10 +616,12 @@ def booking_endpoint(request: Request, data: BookingModel) -> str:
"Top Movies": "/#/movie?__order=-box_office",
"Google": "https://google.com",
},
mfa_provider=AuthenticatorProvider(
db_encryption_key="wqsOqyTTEsrWppZeIMS8a3l90yPUtrqT48z7FS6_U8g=",
secret_table=AuthenticatorSecret,
),
mfa_providers=[
AuthenticatorProvider(
db_encryption_key="wqsOqyTTEsrWppZeIMS8a3l90yPUtrqT48z7FS6_U8g=",
secret_table=AuthenticatorSecret,
),
],
)
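Review bot: The `db_encryption_key` passed to `AuthenticatorProvider` in the new `mfa_providers=[...]` list is a literal committed to the repository, so any deployment that copies this example would presumably protect its stored authenticator secrets with a publicly known key. Since this is example code, a comment on that line is probably enough, e.g. `# Demo key only: generate your own and load it from the environment, never commit it.`; reading the value from an environment variable would be safer still. The enclosing call starts outside the hunk.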

