[SECURITY] Rate limiting for login

2020-12-22 09:54:34 +01:00
parent 8889d8441e
commit 7c0df5b755
2 changed files with 34 additions and 2 deletions
--- a/src/pretix/control/views/auth.py
+++ b/src/pretix/control/views/auth.py
@@ -78,11 +78,11 @@ def login(request):
            return redirect(next_url)
        return redirect(reverse('control:index'))
    if request.method == 'POST':
-        form = LoginForm(backend=backend, data=request.POST)
+        form = LoginForm(backend=backend, data=request.POST, request=request)
        if form.is_valid() and form.user_cache and form.user_cache.auth_backend == backend.identifier:
            return process_login(request, form.user_cache, form.cleaned_data.get('keep_logged_in', False))
    else:
-        form = LoginForm(backend=backend)
+        form = LoginForm(backend=backend, request=request)
    ctx['form'] = form
    ctx['can_register'] = settings.PRETIX_REGISTRATION
    ctx['can_reset'] = settings.PRETIX_PASSWORD_RESET