2016-07-31 22:17:34 +00:00
|
|
|
.. _installation:
|
|
|
|
|
|
2019-04-27 13:06:47 +00:00
|
|
|
2. Installation
|
|
|
|
|
===============
|
2016-07-31 22:17:34 +00:00
|
|
|
|
2019-02-25 14:59:44 +00:00
|
|
|
Axes is easy to install from the PyPI package::
|
2016-07-31 22:17:34 +00:00
|
|
|
|
|
|
|
|
$ pip install django-axes
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
After installing the package, the project settings need to be configured.
|
2019-02-25 14:59:44 +00:00
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
**1.** Add ``axes`` to your ``INSTALLED_APPS``::
|
2019-02-25 14:59:44 +00:00
|
|
|
|
|
|
|
|
INSTALLED_APPS = [
|
|
|
|
|
'django.contrib.admin',
|
|
|
|
|
'django.contrib.auth',
|
|
|
|
|
'django.contrib.contenttypes',
|
|
|
|
|
'django.contrib.sessions',
|
|
|
|
|
'django.contrib.messages',
|
|
|
|
|
'django.contrib.staticfiles',
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
# Axes app can be in any position in the INSTALLED_APPS list.
|
2019-02-25 14:59:44 +00:00
|
|
|
'axes',
|
|
|
|
|
]
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
**2.** Add ``axes.backends.AxesBackend`` to the top of ``AUTHENTICATION_BACKENDS``::
|
2019-02-25 14:59:44 +00:00
|
|
|
|
|
|
|
|
AUTHENTICATION_BACKENDS = [
|
2019-04-27 14:55:28 +00:00
|
|
|
# AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.
|
2019-02-25 14:59:44 +00:00
|
|
|
'axes.backends.AxesBackend',
|
|
|
|
|
|
|
|
|
|
# Django ModelBackend is the default authentication backend.
|
|
|
|
|
'django.contrib.auth.backends.ModelBackend',
|
|
|
|
|
]
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
**3.** Add ``axes.middleware.AxesMiddleware`` to your list of ``MIDDLEWARE``::
|
2019-02-25 14:59:44 +00:00
|
|
|
|
|
|
|
|
MIDDLEWARE = [
|
|
|
|
|
# The following is the list of default middleware in new Django projects.
|
|
|
|
|
'django.middleware.security.SecurityMiddleware',
|
|
|
|
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
|
|
|
'django.middleware.common.CommonMiddleware',
|
|
|
|
|
'django.middleware.csrf.CsrfViewMiddleware',
|
|
|
|
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
|
|
|
'django.contrib.messages.middleware.MessageMiddleware',
|
|
|
|
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
# AxesMiddleware should be the last middleware in the MIDDLEWARE list.
|
2019-02-25 14:59:44 +00:00
|
|
|
'axes.middleware.AxesMiddleware',
|
|
|
|
|
]
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
**4.** Run ``python manage.py check`` to check the configuration.
|
|
|
|
|
|
|
|
|
|
**5.** Run ``python manage.py migrate`` to sync the database.
|
2019-02-25 14:59:44 +00:00
|
|
|
|
|
|
|
|
Axes is now functional with the default settings and is saving user attempts
|
|
|
|
|
into your database and locking users out if they exceed the maximum attempts.
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
You should use the ``python manage.py check`` command to verify the correct configuration in both
|
|
|
|
|
development, staging, and production environments. It is probably best to use this step as part
|
2019-02-25 14:59:44 +00:00
|
|
|
of your regular CI workflows to verify that your project is not misconfigured.
|
|
|
|
|
|
2019-04-27 14:55:28 +00:00
|
|
|
Axes uses checks to verify your Django settings configuration for security and functionality.
|
|
|
|
|
Many people have different configurations for their development and production environments,
|
|
|
|
|
and running the application with misconfigured settings can prevent security features from working.
|
