Add support for reduced initial build count for new possible abusing users

If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
Joseph Schorr 2018-04-20 18:01:05 +03:00
parent 8d5e8fc685
commit 3309daa32e
7 changed files with 81 additions and 28 deletions


@ -6,7 +6,8 @@ from flask import request
import features
from app import billing as stripe, avatar, all_queues, authentication, namespace_gc_queue
from app import (billing as stripe, avatar, all_queues, authentication, namespace_gc_queue,
ip_resolver)
from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
related_user_resource, internal_only, require_user_admin, log_action,
show_if, path_param, require_scope, require_fresh_login)
@ -111,9 +112,11 @@ class OrganizationList(ApiResource):
if features.MAILING and not org_data.get('email'):
raise request_error(message='Email address is required')
is_possible_abuser = ip_resolver.is_ip_possible_threat(request.remote_addr)
try:
model.organization.create_organization(org_data['name'], org_data.get('email'), user,
email_required=features.MAILING)
email_required=features.MAILING,
is_possible_abuser=is_possible_abuser)
return 'Created', 201
except model.DataModelException as ex:
raise request_error(exception=ex)
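Review bot: The threat lookup in the organization-creation handler is keyed on `request.remote_addr`, and the same call is added to the user sign-up handler in the second file; if the service runs behind a load balancer or reverse proxy and nothing upstream of this code rewrites the remote address (not visible here), every sign-up would be evaluated against the proxy's IP rather than the client's. In that case the reduced build limit would be applied either to nobody or to everybody. I would document the assumption at both call sites, for example `# remote_addr must be the real client IP; forwarded headers are only trusted when set by our own proxy`, and confirm the deployment satisfies it. The lookup also sits before the `try:`, so an exception from `is_ip_possible_threat` would bypass the `DataModelException` handling; it is worth deciding explicitly whether a resolver failure should block creation or fall back to `is_possible_abuser = False`. Both handler bodies start outside the hunks.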


@ -12,7 +12,7 @@ from peewee import IntegrityError
import features
from app import (app, billing as stripe, authentication, avatar, user_analytics, all_queues,
oauth_login, namespace_gc_queue)
oauth_login, namespace_gc_queue, ip_resolver)
from auth import scopes
from auth.auth_context import get_authenticated_user
@ -455,12 +455,14 @@ class User(ApiResource):
'message': 'Are you a bot? If not, please revalidate the captcha.'
}, 400
is_possible_abuser = ip_resolver.is_ip_possible_threat(request.remote_addr)
try:
prompts = model.user.get_default_user_prompts(features)
new_user = model.user.create_user(user_data['username'], user_data['password'],
user_data.get('email'),
auto_verify=not features.MAILING,
email_required=features.MAILING,
is_possible_abuser=is_possible_abuser,
prompts=prompts)
email_address_confirmed = handle_invite_code(invite_code, new_user)