Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-03-16 22:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update changelog and documentation

Browse source 
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
This commit is contained in:
Aleksi Häkli 2019-02-16 19:45:12 +02:00 committed by Aleksi Häkli
parent 3279ae1f4b
commit 139a2b38fb
No known key found for this signature in database
GPG key ID: 3E7146964D726BBE
2 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
CHANGES.txt
View file

@ -26,13 +26,23 @@ Changes
- Drop support for Python 2.7 and Python 3.4. Require Python 3.5+ from now on.
[aleksihakli]
- Drop old single-argument signature format for ``AXES_USERNAME_CALLABLE``.
[aleksihakli]
- Improve tests and raise Codecov monitoring threshold to 90%.
[aleksihakli]
- Add ``AXES_NEVER_LOCKOUT_GET`` flag that allows skipping checks on GET requests.
- Add support for string import for ``AXES_USERNAME_CALLABLE`` that supports dotted paths
in addition to the old callable type such as a function or a class method.
[aleksihakli]
- Drop old single-argument signature format for ``AXES_USERNAME_CALLABLE``.
From now on, the callable needs to accept two arguments, the HttpRequest and credentials
that are supplied to the Django ``authenticate`` method in authentication backends.
[aleksihakli]
- Add ``AXES_NEVER_LOCKOUT_GET`` setting that allows skipping checks on GET requests.
[aleksihakli]
- Add ``AXES_CLIENT_IP_ATTRIBUTE`` that defines where Axes fetches from and stores
client IP addresses in the request object throughout the request - response cycle.
[aleksihakli]

8
docs/configuration.rst
View file

@ -249,8 +249,10 @@ These should be defined in your ``settings.py`` file.
Default: ``True``
* ``AXES_USERNAME_FORM_FIELD``: the name of the form field that contains your
users usernames. Default: ``username``
* ``AXES_USERNAME_CALLABLE``: A callable function that takes two arguments:
``AXES_USERNAME_CALLABLE(request, credentials)``.
* ``AXES_USERNAME_CALLABLE``: A callable or a string path to function that takes
two arguments for user lookups: ``def get_username(request: HttpRequest, credentials: dict) -> str: ...``.
This can be any callable such as ``AXES_USERNAME_CALLABLE = lambda request, credentials: 'username'``
or a full Python module path to callable such as ``AXES_USERNAME_CALLABLE = 'example.get_username``.
The ``request`` is a HttpRequest like object and the ``credentials`` is a dictionary like object.
``credentials`` are the ones that were passed to Django ``authenticate()`` in the login flow.
If no function is supplied, Axes fetches the username from the ``credentials`` or ``request.POST``
@ -268,6 +270,8 @@ These should be defined in your ``settings.py`` file.
Default: ``False``
* ``AXES_NEVER_LOCKOUT_WHITELIST``: If ``True``, users can always login from whitelisted IP addresses.
Default: ``False``
* ``AXES_CLIENT_IP_ATTRIBUTE``: A string that is used to lookup and set client IP on the request object. Default: ``'axes_client_ip'``
* ``AXES_IP_BLACKLIST``: An iterable of IPs to be blacklisted. For example: ``AXES_IP_BLACKLIST = ['0.0.0.0']``. Default: ``None``
* ``AXES_IP_WHITELIST``: An iterable of IPs to be whitelisted. For example: ``AXES_IP_WHITELIST = ['0.0.0.0']``. Default: ``None``
* ``AXES_DISABLE_ACCESS_LOG``: If ``True``, disable all access logging, so the admin interface will be empty. Default: ``False``
* ``AXES_DISABLE_SUCCESS_ACCESS_LOG``: If ``True``, successful logins will not be logged, so the access log shown in the admin interface will only list unsuccessful login attempts. Default: ``False``