From: Michael Tremer Date: Tue, 19 Nov 2019 14:32:50 +0000 (+0000) Subject: Drop checking URL blacklists to block users X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d69f4f136a041462fb0ff521d22d1cef26c01889;p=ipfire.org.git Drop checking URL blacklists to block users This simply does not work because of too many false-positives and some bad handling of DNS lookups in the webapp Signed-off-by: Michael Tremer --- diff --git a/src/web/auth.py b/src/web/auth.py index e20a553c..bf7ab2dd 100644 --- a/src/web/auth.py +++ b/src/web/auth.py @@ -39,14 +39,12 @@ class AuthenticationMixin(CacheMixin): class LoginHandler(AuthenticationMixin, base.BaseHandler): - @base.blacklisted def get(self): next = self.get_argument("next", None) self.render("auth/login.html", next=next, incorrect=False, username=None) - @base.blacklisted @base.ratelimit(minutes=60, requests=5) def post(self): username = self.get_argument("username") @@ -84,7 +82,6 @@ class LogoutHandler(AuthenticationMixin, base.BaseHandler): class RegisterHandler(base.BaseHandler): - @base.blacklisted def get(self): # Redirect logged in users away if self.current_user: diff --git a/src/web/blog.py b/src/web/blog.py index 70349f6f..375adfc3 100644 --- a/src/web/blog.py +++ b/src/web/blog.py @@ -119,7 +119,6 @@ class DraftsHandler(auth.CacheMixin, base.BaseHandler): class SearchHandler(auth.CacheMixin, base.BaseHandler): - @base.blacklisted def get(self): q = self.get_argument("q") diff --git a/src/web/donate.py b/src/web/donate.py index b22b8cad..21f8e81c 100644 --- a/src/web/donate.py +++ b/src/web/donate.py @@ -6,11 +6,6 @@ import tornado.web from . import base class DonateHandler(base.BaseHandler): - @base.blacklisted - def prepare(self): - # Makes sure that we call blacklist for everything - pass - def get(self): location = self.get_remote_location() diff --git a/src/web/newsletter.py b/src/web/newsletter.py index c0847804..0eb7875f 100644 --- a/src/web/newsletter.py +++ b/src/web/newsletter.py 
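Review bot: After `@base.blacklisted` is dropped, `SearchHandler.get` in src/web/blog.py has no abuse control left, whereas `LoginHandler.post` keeps `@base.ratelimit(minutes=60, requests=5)`. If each search request reaches the backend, and assuming the decorator also works on GET handlers, I would add it there with limits sized for search traffic, e.g. `@base.ratelimit(minutes=15, requests=60)` (values constructed for illustration). The same applies to `RawHandler.get` and `ViewHandler.get` in src/web/nopaste.py, which look up an entry by `uid` and are likewise left without any throttle. `RegisterHandler`'s POST path is outside the hunks, so it is worth confirming that it is rate-limited now that the blacklist no longer guards registration. All of these handler bodies continue outside the hunks shown.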
@@ -7,11 +7,6 @@ import tornado.process from . import base class SubscribeHandler(base.BaseHandler): - @base.blacklisted - def prepare(self): - # Makes sure that we call blacklist for everything - pass - @base.ratelimit(minutes=15, requests=5) def post(self): address = self.get_argument("email") diff --git a/src/web/nopaste.py b/src/web/nopaste.py index d08eedbc..759a5beb 100644 --- a/src/web/nopaste.py +++ b/src/web/nopaste.py @@ -9,7 +9,6 @@ from . import ui_modules class CreateHandler(auth.CacheMixin, base.BaseHandler): MODES = ("paste", "upload") - @base.blacklisted def get(self): mode = self.get_argument("mode", "paste") if not mode in self.MODES: @@ -18,7 +17,6 @@ class CreateHandler(auth.CacheMixin, base.BaseHandler): self.render("nopaste/create.html", mode=mode, max_size=self._max_size) - @base.blacklisted @base.ratelimit(minutes=15, requests=5) def post(self): mode = self.get_argument("mode") @@ -68,7 +66,6 @@ class CreateHandler(auth.CacheMixin, base.BaseHandler): class RawHandler(base.BaseHandler): - @base.blacklisted def get(self, uid): entry = self.backend.nopaste.get(uid) if not entry: @@ -89,7 +86,6 @@ class RawHandler(base.BaseHandler): class ViewHandler(auth.CacheMixin, base.BaseHandler): - @base.blacklisted def get(self, uid): entry = self.backend.nopaste.get(uid) if not entry: