perbaikan logika validasi login untuk mencegah percobaan login berlebihan

aa.gustiana@gmail.com
Commit fc0f3987 authored Mar 17, 2026 by aa.gustiana@gmail.com
Showing 2 changed files with 17 additions and 18 deletions
opensipkd/base/views/base_views.py
opensipkd/base/views/user_login.py
--- a/opensipkd/base/views/base_views.py
+++ b/opensipkd/base/views/base_views.py
@@ -12,7 +12,7 @@ from deform import (widget, Form, ValidationFailure, FileData, )
 from deform.widget import SelectWidget
 from pyramid.httpexceptions import HTTPFound, HTTPNotFound
 from pyramid.request import Response
-from sqlalchemy import Table, values
+from sqlalchemy import Table
 # from opensipkd.base.views.upload import tmpstore
 from opensipkd.tools.captcha import img_captcha
@@ -21,6 +21,7 @@ from opensipkd.tools import dmy, get_settings, get_ext, \
 from opensipkd.tools.buttons import (
    btn_save, btn_cancel, btn_close, btn_delete, btn_add, btn_csv, btn_edit,
    btn_pdf, btn_upload)
 # from opensipkd.tools.captcha import get_captcha
 from opensipkd.tools.report import csv_response, file_response
 from opensipkd.base import BASE_CLASS
@@ -214,10 +215,10 @@ class BaseView(object):
            'tahun_awal'] or self.tahun_awal
        self.ses['tahun_awal'] = self.tahun_awal
-        self.tahun_akhir = 'tahun_akhir' in self.ses and self.ses[
+        self.tahun_akhir = 'tahun_akhir' in self.ses and \
-            'tahun_akhir'] or self.tahun_awal
+            self.ses['tahun_akhir'] or self.tahun_awal
-        self.tahun_akhir = 'tahun_akhir' in self.params and self.params[
+        self.tahun_akhir = 'tahun_akhir' in self.params and \
-            'tahun_akhir'] or self.tahun_akhir
+            self.params['tahun_akhir'] or self.tahun_akhir
        self.ses['tahun_akhir'] = self.tahun_akhir
        """

--- a/opensipkd/base/views/user_login.py
+++ b/opensipkd/base/views/user_login.py
@@ -82,16 +82,7 @@ class Login(CSRFSchema):
 def login_validator(form, value):
    exc = colander.Invalid(form, 'Terlalu banyak percobaan')
    request = form.request
-    if request.session.get("login_failed", 0) > 3:
-        # message = "Login Gagal, terlalu banyak percobaan"
-        login_blocked = request.session.ses["login_blocked"]
-        if login_blocked and login_blocked > datetime.now():
-            exc = colander.Invalid(
-                form,
-                'Login Gagal, terlalu banyak percobaan, silahkan coba lagi setelah {}'
-                .format(dmyhms(login_blocked))
-            )
-            raise exc
 def get_login_headers(request, user):
@@ -113,11 +104,18 @@ class LoginUser(object):
        self.message = "Sukses Login"
        self.user = None
        self.ses = request.session
-        self.ses["login_failed"] = self.ses.get("login_failed", 0)
+        self.login_failed = self.ses.get("login_failed", 0)
-        self.ses["login_blocked"] = self.ses.get("login_blocked")
+        self.login_blocked = self.ses.get("login_blocked", None)
    def login(self, values, user=None):
        settings = get_settings()
+        if self.login_failed > 3:
+            # message = "Login Gagal, terlalu banyak percobaan"
+            if self.login_blocked and self.login_blocked > datetime.now():
+                self.message= 'Login Gagal, terlalu banyak percobaan, silahkan coba lagi setelah {}'\
+                    .format(dmyhms(self.login_blocked))
+                return 
        self.user = user and user or User.get_by_identity(values["username"])
        if not self.user or not UserService.check_password(
                self.user, values["password"]):
@@ -126,7 +124,7 @@ class LoginUser(object):
            self.ses["login_failed"] += self.ses.get("login_failed", 0) + 1
            if self.ses["login_failed"] > 3:
                self.ses["login_blocked"] = datetime.now() + \
-                    timedelta(minutes=settings.get("login_blocked_minutes", 1))
+                    timedelta(minutes=int(settings.get("login_blocked_minutes", 1)))
            return
        self.ses["login_failed"] = 0
        self.ses["login_blocked"] = None