From 16a686d2fd53f2068fffe5c83c3ad43d33dac25b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AC=A2=E4=B9=90=E9=A9=AC?=
 <38058090+SkywalkerSpace@users.noreply.github.com>
Date: Fri, 11 Nov 2022 15:35:23 +0800
Subject: [PATCH] 2fa failed_attempt (#5288)

---
 seahub/two_factor/forms.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/seahub/two_factor/forms.py b/seahub/two_factor/forms.py
index a2e47b99de..f967a30582 100644
--- a/seahub/two_factor/forms.py
+++ b/seahub/two_factor/forms.py
@@ -291,6 +291,9 @@ class OTPAuthenticationFormMixin(object):
 
 
 class AuthenticationTokenForm(OTPAuthenticationFormMixin, Form):
+
+    SESSION_KEY_TWO_FACTOR_FAILED_ATTEMPT = '2fa-failed-attempt'
+
     otp_token = forms.IntegerField(label=_("Token"), min_value=1,
                                    max_value=int('9' * totp_digits()))
     remember_me = forms.BooleanField(required=False)
@@ -304,7 +307,15 @@ class AuthenticationTokenForm(OTPAuthenticationFormMixin, Form):
         """
         super(AuthenticationTokenForm, self).__init__(**kwargs)
         self.user = user
+        self.request = request
 
     def clean(self):
         self.clean_otp(self.user)
         return self.cleaned_data
+
+    def is_valid(self):
+        ret = super(Form, self).is_valid()
+        if not ret:
+            failed_attempt = self.request.session.get(self.SESSION_KEY_TWO_FACTOR_FAILED_ATTEMPT, 0)
+            self.request.session[self.SESSION_KEY_TWO_FACTOR_FAILED_ATTEMPT] = failed_attempt + 1
+        return ret