django-axes/axes/admin.py

from django.contrib import admin
from django.http import HttpRequest
from django.utils.translation import gettext_lazy as _

from axes.conf import settings
from axes.models import AccessAttempt, AccessLog, AccessFailureLog
from axes.handlers.database import AxesDatabaseHandler


class IsLockedOutFilter(admin.SimpleListFilter):
    title = _("Locked Out")
    parameter_name = "locked_out"

    def lookups(self, request, model_admin):
        return (
            ("yes", _("Yes")),
            ("no", _("No")),
        )

    def queryset(self, request, queryset):
        if self.value() == "yes":
            return queryset.filter(
                failures_since_start__gte=settings.AXES_FAILURE_LIMIT
            )
        if self.value() == "no":
            return queryset.filter(failures_since_start__lt=settings.AXES_FAILURE_LIMIT)
        return queryset


class AccessAttemptAdmin(admin.ModelAdmin):
    list_display = [
        "attempt_time",
        "ip_address",
        "user_agent",
        "username",
        "path_info",
        "failures_since_start",
    ]

    if settings.AXES_USE_ATTEMPT_EXPIRATION:
        list_display.append("expiration")

    list_filter = ["attempt_time", "path_info"]

    if isinstance(settings.AXES_FAILURE_LIMIT, int) and settings.AXES_FAILURE_LIMIT > 0:
        # This will only add the status field if AXES_FAILURE_LIMIT is set to a positive integer
        # Because callable failure limit requires scope of request object
        list_display.append("status")
        list_filter.append(IsLockedOutFilter)  # type: ignore[arg-type]

    search_fields = ["ip_address", "username", "user_agent", "path_info"]

    date_hierarchy = "attempt_time"

    fieldsets = (
        (
            None,
            {"fields": ("username", "path_info", "failures_since_start", "expiration")},
        ),
        (_("Form Data"), {"fields": ("get_data", "post_data")}),
        (_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}),
    )

    readonly_fields = [
        "user_agent",
        "ip_address",
        "username",
        "http_accept",
        "path_info",
        "attempt_time",
        "get_data",
        "post_data",
        "failures_since_start",
        "expiration",
    ]

    actions = ["cleanup_expired_attempts"]

    @admin.action(description=_("Clean up expired attempts"))
    def cleanup_expired_attempts(self, request, queryset):  # noqa
        count = self.handler.clean_expired_user_attempts(request=request)
        self.message_user(request, _(f"Cleaned up {count} expired access attempts."))

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.handler = AxesDatabaseHandler()

    def has_add_permission(self, request: HttpRequest) -> bool:
        return False

    def expiration(self, obj: AccessAttempt):
        return obj.expiration.expires_at if hasattr(obj, "expiration") else _("Not set")

    def status(self, obj: AccessAttempt):
        return (
            f"{settings.AXES_FAILURE_LIMIT - obj.failures_since_start} "
            + _("Attempt Remaining")
            if obj.failures_since_start < settings.AXES_FAILURE_LIMIT
            else _("Locked Out")
        )


class AccessLogAdmin(admin.ModelAdmin):
    list_display = (
        "attempt_time",
        "logout_time",
        "ip_address",
        "username",
        "user_agent",
        "path_info",
    )

    list_filter = ["attempt_time", "logout_time", "path_info"]

    search_fields = ["ip_address", "user_agent", "username", "path_info"]

    date_hierarchy = "attempt_time"

    fieldsets = (
        (None, {"fields": ("username", "path_info")}),
        (_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}),
    )

    readonly_fields = [
        "user_agent",
        "ip_address",
        "username",
        "http_accept",
        "path_info",
        "attempt_time",
        "logout_time",
    ]

    def has_add_permission(self, request: HttpRequest) -> bool:
        return False


class AccessFailureLogAdmin(admin.ModelAdmin):
    list_display = (
        "attempt_time",
        "ip_address",
        "username",
        "user_agent",
        "path_info",
        "locked_out",
    )

    list_filter = ["attempt_time", "locked_out", "path_info"]

    search_fields = ["ip_address", "user_agent", "username", "path_info"]

    date_hierarchy = "attempt_time"

    fieldsets = (
        (None, {"fields": ("username", "path_info")}),
        (_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}),
    )

    readonly_fields = [
        "user_agent",
        "ip_address",
        "username",
        "http_accept",
        "path_info",
        "attempt_time",
        "locked_out",
    ]

    def has_add_permission(self, request: HttpRequest) -> bool:
        return False


if settings.AXES_ENABLE_ADMIN:
    admin.site.register(AccessAttempt, AccessAttemptAdmin)
    admin.site.register(AccessLog, AccessLogAdmin)
    admin.site.register(AccessFailureLog, AccessFailureLogAdmin)
Initial import --HG-- extra : convert_revision : svn%3A6515f4ec-ab5a-11dd-8fd9-859366ca643a/trunk%402 2008-11-05 22:52:40 +00:00			`from django.contrib import admin`
Add type hint for request variables 2022-04-26 13:09:10 +00:00			`from django.http import HttpRequest`
Add translations for the admin fieldset headers 2018-07-17 13:57:24 +00:00			`from django.utils.translation import gettext_lazy as _`
Improved code readability 2013-03-16 22:13:35 +00:00
Deprecate django-appconf 2020-09-12 13:18:47 +00:00			`from axes.conf import settings`
Implement AccessFailureLog recordings 2022-03-15 09:42:24 +00:00			`from axes.models import AccessAttempt, AccessLog, AccessFailureLog`
Added cleanup_expired_attempts action 2025-07-08 14:17:34 +00:00			`from axes.handlers.database import AxesDatabaseHandler`
Initial import --HG-- extra : convert_revision : svn%3A6515f4ec-ab5a-11dd-8fd9-859366ca643a/trunk%402 2008-11-05 22:52:40 +00:00
lots of pep8 fixes 2011-04-12 21:04:51 +00:00
Added IsLockedOutFilter to AccessAttemptAdmin 2025-06-22 07:46:53 +00:00			`class IsLockedOutFilter(admin.SimpleListFilter):`
			`title = _("Locked Out")`
			`parameter_name = "locked_out"`

			`def lookups(self, request, model_admin):`
			`return (`
			`("yes", _("Yes")),`
			`("no", _("No")),`
			`)`

			`def queryset(self, request, queryset):`
			`if self.value() == "yes":`
Run black autoformatting 2026-02-11 19:54:13 +00:00			`return queryset.filter(`
			`failures_since_start__gte=settings.AXES_FAILURE_LIMIT`
			`)`
Fix prospector errors 2026-02-11 20:06:59 +00:00			`if self.value() == "no":`
Added IsLockedOutFilter to AccessAttemptAdmin 2025-06-22 07:46:53 +00:00			`return queryset.filter(failures_since_start__lt=settings.AXES_FAILURE_LIMIT)`
			`return queryset`


Initial import --HG-- extra : convert_revision : svn%3A6515f4ec-ab5a-11dd-8fd9-859366ca643a/trunk%402 2008-11-05 22:52:40 +00:00			`class AccessAttemptAdmin(admin.ModelAdmin):`
AccessAttemptAdmin.list_display datatype change tuple->list for customization 2025-06-22 07:10:04 +00:00			`list_display = [`
			`"attempt_time",`
			`"ip_address",`
			`"user_agent",`
			`"username",`
			`"path_info",`
			`"failures_since_start",`
			`]`
Run black autoformatting 2026-02-11 19:54:13 +00:00
Shifted epired_at filed to new model 2025-06-07 13:13:14 +00:00			`if settings.AXES_USE_ATTEMPT_EXPIRATION:`
Run black autoformatting 2026-02-11 19:54:13 +00:00			`list_display.append("expiration")`
Added individual attempt expiry feature 2025-05-27 19:21:50 +00:00
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`list_filter = ["attempt_time", "path_info"]`
Improved code readability 2013-03-16 22:13:35 +00:00
Added status column to list display 2025-06-22 07:46:25 +00:00			`if isinstance(settings.AXES_FAILURE_LIMIT, int) and settings.AXES_FAILURE_LIMIT > 0:`
			`# This will only add the status field if AXES_FAILURE_LIMIT is set to a positive integer`
			`# Because callable failure limit requires scope of request object`
			`list_display.append("status")`
Suppress mypy type errors Update Mypy Python version to 3.14 2026-02-11 19:53:12 +00:00			`list_filter.append(IsLockedOutFilter) # type: ignore[arg-type]`
Added status column to list display 2025-06-22 07:46:25 +00:00
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`search_fields = ["ip_address", "username", "user_agent", "path_info"]`
Improved code readability 2013-03-16 22:13:35 +00:00
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`date_hierarchy = "attempt_time"`
Improved code readability 2013-03-16 22:13:35 +00:00
Initial import --HG-- extra : convert_revision : svn%3A6515f4ec-ab5a-11dd-8fd9-859366ca643a/trunk%402 2008-11-05 22:52:40 +00:00			`fieldsets = (`
Run black autoformatting 2026-02-11 19:54:13 +00:00			`(`
			`None,`
			`{"fields": ("username", "path_info", "failures_since_start", "expiration")},`
			`),`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`(_("Form Data"), {"fields": ("get_data", "post_data")}),`
			`(_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}),`
Initial import --HG-- extra : convert_revision : svn%3A6515f4ec-ab5a-11dd-8fd9-859366ca643a/trunk%402 2008-11-05 22:52:40 +00:00			`)`

AccessAttempts and AccessLogs should neither be addable nor editable 2016-08-18 10:11:28 +00:00			`readonly_fields = [`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`"user_agent",`
			`"ip_address",`
			`"username",`
			`"http_accept",`
			`"path_info",`
			`"attempt_time",`
			`"get_data",`
			`"post_data",`
			`"failures_since_start",`
Modified verbiage changes & removed comment 2025-06-08 08:44:02 +00:00			`"expiration",`
AccessAttempts and AccessLogs should neither be addable nor editable 2016-08-18 10:11:28 +00:00			`]`

Run black autoformatting 2026-02-11 19:54:13 +00:00			`actions = ["cleanup_expired_attempts"]`
Added cleanup_expired_attempts action 2025-07-08 14:17:34 +00:00
Run black autoformatting 2026-02-11 19:54:13 +00:00			`@admin.action(description=_("Clean up expired attempts"))`
Fix prospector errors 2026-02-11 20:06:59 +00:00			`def cleanup_expired_attempts(self, request, queryset): # noqa`
Added cleanup_expired_attempts action 2025-07-08 14:17:34 +00:00			`count = self.handler.clean_expired_user_attempts(request=request)`
			`self.message_user(request, _(f"Cleaned up {count} expired access attempts."))`

			`def __init__(self, args, *kwargs):`
			`super().__init__(args, *kwargs)`
			`self.handler = AxesDatabaseHandler()`

Add type hint for request variables 2022-04-26 13:09:10 +00:00			`def has_add_permission(self, request: HttpRequest) -> bool:`
AccessAttempts and AccessLogs should neither be addable nor editable 2016-08-18 10:11:28 +00:00			`return False`

Modified verbiage changes & removed comment 2025-06-08 08:44:02 +00:00			`def expiration(self, obj: AccessAttempt):`
Updated expires_at for null, blank False, lte query update, admin expiration logic simplify 2025-06-10 15:03:56 +00:00			`return obj.expiration.expires_at if hasattr(obj, "expiration") else _("Not set")`
Run black autoformatting 2026-02-11 19:54:13 +00:00
Added status column to list display 2025-06-22 07:46:25 +00:00			`def status(self, obj: AccessAttempt):`
Run black autoformatting 2026-02-11 19:54:13 +00:00			`return (`
			`f"{settings.AXES_FAILURE_LIMIT - obj.failures_since_start} "`
			`+ _("Attempt Remaining")`
			`if obj.failures_since_start < settings.AXES_FAILURE_LIMIT`
			`else _("Locked Out")`
			`)`

Tweak 2018-05-26 17:28:11 +00:00
Added AccessLog model to log all access attempts. refactored the models so there is a common abstract base class. Also added the model to django admin 2012-11-25 20:46:45 +00:00			`class AccessLogAdmin(admin.ModelAdmin):`
Improved code readability 2013-03-16 22:13:35 +00:00			`list_display = (`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`"attempt_time",`
			`"logout_time",`
			`"ip_address",`
			`"username",`
			`"user_agent",`
			`"path_info",`
Improved code readability 2013-03-16 22:13:35 +00:00			`)`

Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`list_filter = ["attempt_time", "logout_time", "path_info"]`
Improved code readability 2013-03-16 22:13:35 +00:00
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`search_fields = ["ip_address", "user_agent", "username", "path_info"]`
Improved code readability 2013-03-16 22:13:35 +00:00
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`date_hierarchy = "attempt_time"`
Improved code readability 2013-03-16 22:13:35 +00:00
Added AccessLog model to log all access attempts. refactored the models so there is a common abstract base class. Also added the model to django admin 2012-11-25 20:46:45 +00:00			`fieldsets = (`
Add username to admin fieldsets #1073 2023-06-15 12:14:59 +00:00			`(None, {"fields": ("username", "path_info")}),`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`(_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}),`
Added AccessLog model to log all access attempts. refactored the models so there is a common abstract base class. Also added the model to django admin 2012-11-25 20:46:45 +00:00			`)`

AccessAttempts and AccessLogs should neither be addable nor editable 2016-08-18 10:11:28 +00:00			`readonly_fields = [`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`"user_agent",`
			`"ip_address",`
			`"username",`
			`"http_accept",`
			`"path_info",`
			`"attempt_time",`
			`"logout_time",`
AccessAttempts and AccessLogs should neither be addable nor editable 2016-08-18 10:11:28 +00:00			`]`

Add type hint for request variables 2022-04-26 13:09:10 +00:00			`def has_add_permission(self, request: HttpRequest) -> bool:`
AccessAttempts and AccessLogs should neither be addable nor editable 2016-08-18 10:11:28 +00:00			`return False`
Add AXES_ENABLE_ADMIN flag to configure showing Axes in admin (#499) 2019-10-09 16:02:45 +00:00

Implement AccessFailureLog recordings 2022-03-15 09:42:24 +00:00			`class AccessFailureLogAdmin(admin.ModelAdmin):`
			`list_display = (`
			`"attempt_time",`
			`"ip_address",`
			`"username",`
			`"user_agent",`
			`"path_info",`
			`"locked_out",`
			`)`

			`list_filter = ["attempt_time", "locked_out", "path_info"]`

			`search_fields = ["ip_address", "user_agent", "username", "path_info"]`

			`date_hierarchy = "attempt_time"`

			`fieldsets = (`
Add username to admin fieldsets #1073 2023-06-15 12:14:59 +00:00			`(None, {"fields": ("username", "path_info")}),`
Implement AccessFailureLog recordings 2022-03-15 09:42:24 +00:00			`(_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}),`
			`)`

			`readonly_fields = [`
			`"user_agent",`
			`"ip_address",`
			`"username",`
			`"http_accept",`
			`"path_info",`
			`"attempt_time",`
			`"locked_out",`
			`]`

Add type hint for request variables 2022-04-26 13:09:10 +00:00			`def has_add_permission(self, request: HttpRequest) -> bool:`
Implement AccessFailureLog recordings 2022-03-15 09:42:24 +00:00			`return False`


Add AXES_ENABLE_ADMIN flag to configure showing Axes in admin (#499) 2019-10-09 16:02:45 +00:00			`if settings.AXES_ENABLE_ADMIN:`
			`admin.site.register(AccessAttempt, AccessAttemptAdmin)`
			`admin.site.register(AccessLog, AccessLogAdmin)`
Implement AccessFailureLog recordings 2022-03-15 09:42:24 +00:00			`admin.site.register(AccessFailureLog, AccessFailureLogAdmin)`