Add a way to configure challenge attempt ratelimiting (CTFd#2024)

* Allow submissions per minute ratelimit to be configurable * Closes CTFd#2014
DA-ETSIINF · Nov 22, 2021 · afb1a54 · afb1a54
1 parent a0783c3
commit afb1a54
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/CTFd/api/v1/challenges.py b/CTFd/api/v1/challenges.py
@@ -622,7 +622,8 @@ def post(self):
 
         # Anti-bruteforce / submitting Flags too quickly
         kpm = current_user.get_wrong_submissions_per_minute(user.account_id)
-        if kpm > 10:
+        kpm_limit = int(get_config("incorrect_submissions_per_min", default=10))
+        if kpm > kpm_limit:
             if ctftime():
                 chal_class.fail(
                     user=user, team=team, challenge=challenge, request=request

diff --git a/CTFd/forms/config.py b/CTFd/forms/config.py
@@ -69,6 +69,11 @@ class AccountSettingsForm(BaseForm):
         choices=[("true", "Enabled"), ("false", "Disabled")],
         default="true",
     )
+    incorrect_submissions_per_min = IntegerField(
+        "Incorrect Submissions per Minute",
+        widget=NumberInput(min=1),
+        description="Amount of submissions allowed per minute for flag bruteforce protection (default: 10)",
+    )
 
     submit = SubmitField("Update")
 

diff --git a/CTFd/themes/admin/templates/configs/accounts.html b/CTFd/themes/admin/templates/configs/accounts.html
@@ -54,6 +54,14 @@
 			</small>
 		</div>
 
+		<div class="form-group">
+			{{ form.incorrect_submissions_per_min.label }}
+			{{ form.incorrect_submissions_per_min(class="form-control", value=incorrect_submissions_per_min) }}
+			<small class="form-text text-muted">
+				{{ form.incorrect_submissions_per_min.description }}
+			</small>
+		</div>
+
 		<div class="form-group">
 			{{ form.name_changes.label }}
 			{{ form.name_changes(class="form-control custom-select") }}