WIP Add rate limiter logic in auth providers

Author: OmeGak

flask_multipass/auth.py

@@ -34,6 +34,12 @@ class AuthProvider(metaclass=SupportsMeta):
     #: Useful to reliably retrieve identifier data in applications that use
     #: multiple auth providers.
     identifier_field_name = None
+    #: The rate limiter used for login attempts in local auth providers.
+    #: This should be an instance of :class:`~flask_limiter.Limiter`.
+    rate_limiter = None
+    #: The rate limiter used for login attempts bound to a specific user
+    #: This should be an instance of :class:`~flask_limiter.Limiter`.
+    rate_limiter_user = None
 
     def __init__(self, multipass, name, settings):
         self.multipass = multipass
@@ -50,6 +56,13 @@ def is_external(self):
         """
         return self.login_form is None
 
+    @property
+    def is_rate_limited(self):
+        """True if rate limiters are set for local auth provider."""
+        if self.is_external:
+            return False
+        return self.rate_limiter is not None or self.rate_limiter_user is not None
+
     def process_local_login(self, data):  # pragma: no cover
         """Handles the login process based on form data.
 
@@ -117,5 +130,14 @@ def process_logout(self, return_url):
         """
         return None
 
+    def notify_failed_login(self, identifier=None):
+        """Notify the provider about a failed login attempt."""
+        if not self.is_rate_limited:
+            return
+        if identifier and self.rate_limiter_user:
+            self.rate_limiter_user.hit(identifier)
+        elif self.rate_limiter:
+            self.rate_limiter.hit()
+
     def __repr__(self):
         return f'<{type(self).__name__}({self.name})>'