3

In my Django application, if the user enters the wrong password more than 7 times, then I want to suspend/deactivate their account for 10 seconds.

I perform an If statement to see if the wrong password has been inputted more than 7 times, and that works fine.

Inside the if statement, I want to set user.is_active to False for 10 seconds so they cannot log in. After 10 seconds have passed, I want user.is_active to be set back to True so they can attempt to log in again.

How would I implement this functionality? Thank you.

Update - views.py:

```python
if user.active_after > current:
    return JsonResponse({'message': 'Yes! Not locked'}, status=200)
```

models.py

```python
active_after = models.DateTimeField(auto_now=True)
```

Error I receive: TypeError: can't compare offset-naive and offset-aware datetimes

Does anyone know how to fix this?

NodeReact020
  • The obvious way is to put `sleep(10)` in the code. If that isn't what you want, please elaborate. – John Gordon Oct 22 '19 at 22:27
  • @JohnGordon Django could be deployed under a parallel request handler system. In that case, let's say, if the user tries another password in another tab simultaneously, the server tests that password since the user profile is not deactivated properly! – aminrd Oct 22 '19 at 22:41
  • @aminrd I was hoping to gently prompt the OP to consider issues just like that. – John Gordon Oct 22 '19 at 22:42

1 Answer

1

One way is to prevent the user in the front end (i.e. using JavaScript, ...). If you want to add it in the backend as well, you can add a datetime field such as user.active_after, so that each model should only be active after that time.

Then, when you get a wrong password, you can change that field to:

```python
import datetime

current = datetime.datetime.now()

# add 10 seconds to current time
user.active_after = current + datetime.timedelta(0, 10)
```
aminrd
  • Thank you for the response. How would you implement the functionality where a user can only be active after the **user.active_after** time? – NodeReact020 Oct 23 '19 at 14:45
  • @eweee You can check the current time before doing anything (e.g. checking another password try). If that time is less than ‘active_after’, stop doing it. Otherwise, you realize the user is active. – aminrd Oct 23 '19 at 15:19
  • I attempted to add the functionality you requested; however, I keep encountering this error. Do you know how to resolve this? – NodeReact020 Oct 23 '19 at 15:42
  • @eweee Well, that's a different story. You can find the answer to the new question here: https://stackoverflow.com/questions/15307623/cant-compare-naive-and-aware-datetime-now-challenge-datetime-end/15307743 – aminrd Oct 23 '19 at 15:46
  • Thank you for all the support you have given. I am now on the right track. – NodeReact020 Oct 23 '19 at 15:59
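
The timestamp check discussed in this answer and its comments, as an added example that is not part of the original posts: a framework-free sketch of the lockout in which every timestamp is timezone-aware, so the comparison cannot raise the TypeError from the question. `Account`, `attempt_login`, `utcnow` and `naive_vs_aware_raises` are hypothetical names, and resetting the failure counter after a lock is an assumption.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_FAILURES = 7                   # threshold from the question
LOCK_FOR = timedelta(seconds=10)   # lock duration from the question

@dataclass
class Account:
    """Hypothetical stand-in for the user model (not Django's User)."""
    password: str                  # plaintext only to keep the sketch short
    failures: int = 0
    active_after: Optional[datetime] = None  # aware UTC; None = never locked

def utcnow() -> datetime:
    # Timezone-aware "now"; in Django with USE_TZ=True,
    # django.utils.timezone.now() fills this role.
    return datetime.now(timezone.utc)

def attempt_login(acct: Account, supplied: str, now: Optional[datetime] = None) -> str:
    now = utcnow() if now is None else now
    # Check the lock first, so no password is tested while the account is locked.
    if acct.active_after is not None and now < acct.active_after:
        return "locked"
    if hmac.compare_digest(supplied.encode(), acct.password.encode()):
        acct.failures = 0
        return "ok"
    acct.failures += 1
    if acct.failures > MAX_FAILURES:
        acct.active_after = now + LOCK_FOR   # lock expires on its own, no timer
        acct.failures = 0                    # assumption: fresh count after a lock
    return "wrong"

def naive_vs_aware_raises() -> bool:
    """Reproduce the question's TypeError: naive now() against an aware value."""
    try:
        datetime.now() > utcnow()
    except TypeError:
        return True
    return False
```

With parallel request handlers, as raised in the comments on the question, the counter and `active_after` updates would also need to be made atomically in the database; this sketch is single-process.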