Add a way to configure challenge attempt ratelimiting (#2024)

* Allow submissions per minute ratelimit to be configurable
* Closes #2014

CTFd/api/v1/challenges.py

@@ -622,7 +622,8 @@ class ChallengeAttempt(Resource):
 
         # Anti-bruteforce / submitting Flags too quickly
         kpm = current_user.get_wrong_submissions_per_minute(user.account_id)
-        if kpm > 10:
+        kpm_limit = int(get_config("incorrect_submissions_per_min", default=10))
+        if kpm > kpm_limit:
             if ctftime():
                 chal_class.fail(
                     user=user, team=team, challenge=challenge, request=request

CTFd/forms/config.py

@@ -69,6 +69,11 @@ class AccountSettingsForm(BaseForm):
         choices=[("true", "Enabled"), ("false", "Disabled")],
         default="true",
     )
+    incorrect_submissions_per_min = IntegerField(
+        "Incorrect Submissions per Minute",
+        widget=NumberInput(min=1),
+        description="Amount of submissions allowed per minute for flag bruteforce protection (default: 10)",
+    )
 
     submit = SubmitField("Update")
 

CTFd/themes/admin/templates/configs/accounts.html

@@ -54,6 +54,14 @@
 			</small>
 		</div>
 
+		<div class="form-group">
+			{{ form.incorrect_submissions_per_min.label }}
+			{{ form.incorrect_submissions_per_min(class="form-control", value=incorrect_submissions_per_min) }}
+			<small class="form-text text-muted">
+				{{ form.incorrect_submissions_per_min.description }}
+			</small>
+		</div>
+
 		<div class="form-group">
 			{{ form.name_changes.label }}
 			{{ form.name_changes(class="form-control custom-select") }}