Rate limit prepared for feedback on login route

cps/web.py

@@ -1269,27 +1269,54 @@ def register():
         register_user_with_oauth()
     return render_title_template('register.html', config=config, title=_("Register"), page="register")
 
+
 def handle_login_user(user, remember, message, category):
     login_user(user, remember=remember)
     ub.store_user_session()
     flash(message, category=category)
-    try:
-        limiter.check()
-    except RateLimitExceeded:
     [limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
     return redirect_back(url_for("web.index"))
 
+def error_logi():
+    flash(_(u"Wait one minute"), category="error")
+    return render_login()
 
-@web.route('/login', methods=['GET', 'POST'])
-@limiter.limit("40/day", key_func=lambda: request.form.get('username'), per_method=["POST"])
-@limiter.limit("2/minute", key_func=lambda: request.form.get('username'), per_method=["POST"])
+def render_login():
+    next_url = request.args.get('next', default=url_for("web.index"), type=str)
+    if url_for("web.logout") == next_url:
+        next_url = url_for("web.index")
+    return render_title_template('login.html',
+                                 title=_(u"Login"),
+                                 next_url=next_url,
+                                 config=config,
+                                 oauth_check=oauth_check,
+                                 mail=config.get_mail_server_configured(), page="login")
+
+
+@web.route('/login', methods=['GET'])
 def login():
     if current_user is not None and current_user.is_authenticated:
         return redirect(url_for('web.index'))
     if config.config_login_type == constants.LOGIN_LDAP and not services.ldap:
         log.error(u"Cannot activate LDAP authentication")
         flash(_(u"Cannot activate LDAP authentication"), category="error")
-    if request.method == "POST":
+    return render_login()
+
+
+@web.route('/login', methods=['POST'])
+@limiter.limit("40/day", key_func=lambda: request.form.get('username', "").strip().lower())
+@limiter.limit("2/minute", key_func=lambda: request.form.get('username', "").strip().lower())
+def login_post():
+    try:
+        limiter.check()
+    except RateLimitExceeded:
+        flash(_(u"Wait one minute"), category="error")
+        return render_login()
+    if current_user is not None and current_user.is_authenticated:
+        return redirect(url_for('web.index'))
+    if config.config_login_type == constants.LOGIN_LDAP and not services.ldap:
+        log.error(u"Cannot activate LDAP authentication")
+        flash(_(u"Cannot activate LDAP authentication"), category="error")
     form = request.form.to_dict()
     user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \
         .first()
@@ -1342,22 +1369,7 @@ def login():
             else:
                 log.warning('Login failed for user "{}" IP-address: {}'.format(form['username'], ip_address))
                 flash(_(u"Wrong Username or Password"), category="error")
-
-    next_url = request.args.get('next', default=url_for("web.index"), type=str)
-    if url_for("web.logout") == next_url:
-        next_url = url_for("web.index")
-    # Check rate limit and prevent displaying remaining flash messages from last attempt
-    try:
-        limiter.check()
-    except RateLimitExceeded:
-        flask_session['_flashes'].clear()
-        raise
-    return render_title_template('login.html',
-                                 title=_(u"Login"),
-                                 next_url=next_url,
-                                 config=config,
-                                 oauth_check=oauth_check,
-                                 mail=config.get_mail_server_configured(), page="login")
+    return render_login()
 
 
 @web.route('/logout')