Add support for reduced initial build count for new possible abusing users

If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
2018-04-20 18:01:05 +03:00 · 2018-04-20 18:01:05 +03:00 · 3309daa32e
commit 3309daa32e
parent 8d5e8fc685
7 changed files with 81 additions and 28 deletions
--- a/data/model/user.py
+++ b/data/model/user.py
@ -37,12 +37,14 @@ def hash_password(password, salt=None):
  salt = salt or bcrypt.gensalt()
  return bcrypt.hashpw(password.encode('utf-8'), salt)

-def create_user(username, password, email, auto_verify=False, email_required=True, prompts=tuple()):
+def create_user(username, password, email, auto_verify=False, email_required=True, prompts=tuple(),
+                is_possible_abuser=False):
  """ Creates a regular user, if allowed. """
  if not validate_password(password):
    raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)

-  created = create_user_noverify(username, email, email_required=email_required, prompts=prompts)
+  created = create_user_noverify(username, email, email_required=email_required, prompts=prompts,
+                                 is_possible_abuser=is_possible_abuser)
  created.password_hash = hash_password(password)
  created.verified = auto_verify
  created.save()
@ -50,7 +52,8 @@ def create_user(username, password, email, auto_verify=False, email_required=Tru
  return created


-def create_user_noverify(username, email, email_required=True, prompts=tuple()):
+def create_user_noverify(username, email, email_required=True, prompts=tuple(),
+                         is_possible_abuser=False):
  if email_required:
    if not validate_email(email):
      raise InvalidEmailAddressException('Invalid email address: %s' % email)
@ -82,6 +85,11 @@ def create_user_noverify(username, email, email_required=True, prompts=tuple()):
  try:
    default_expr_s = _convert_to_s(config.app_config['DEFAULT_TAG_EXPIRATION'])
    default_max_builds = config.app_config.get('DEFAULT_NAMESPACE_MAXIMUM_BUILD_COUNT')
+    threat_max_builds = config.app_config.get('THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT')
+
+    if is_possible_abuser and threat_max_builds is not None:
+      default_max_builds = threat_max_builds
+
    new_user = User.create(username=username, email=email, removed_tag_expiration_s=default_expr_s,
                           maximum_queued_builds_count=default_max_builds)
    for prompt in prompts: