diff --git a/CHANGES.txt b/CHANGES.txt index 64ad337..d4bbf00 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -26,13 +26,23 @@ Changes - Drop support for Python 2.7 and Python 3.4. Require Python 3.5+ from now on. [aleksihakli] -- Drop old single-argument signature format for ``AXES_USERNAME_CALLABLE``. - [aleksihakli] - - Improve tests and raise Codecov monitoring threshold to 90%. [aleksihakli] -- Add ``AXES_NEVER_LOCKOUT_GET`` flag that allows skipping checks on GET requests. +- Add support for string import for ``AXES_USERNAME_CALLABLE`` that supports dotted paths + in addition to the old callable type such as a function or a class method. + [aleksihakli] + +- Drop old single-argument signature format for ``AXES_USERNAME_CALLABLE``. + From now on, the callable needs to accept two arguments, the HttpRequest and credentials + that are supplied to the Django ``authenticate`` method in authentication backends. + [aleksihakli] + +- Add ``AXES_NEVER_LOCKOUT_GET`` setting that allows skipping checks on GET requests. + [aleksihakli] + +- Add ``AXES_CLIENT_IP_ATTRIBUTE`` that defines where Axes fetches from and stores + client IP addresses in the request object throughout the request - response cycle. [aleksihakli] diff --git a/docs/configuration.rst b/docs/configuration.rst index 14ec20c..6b24b23 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst 
@@ -249,8 +249,10 @@ These should be defined in your ``settings.py`` file. Default: ``True`` * ``AXES_USERNAME_FORM_FIELD``: the name of the form field that contains your users usernames. Default: ``username`` -* ``AXES_USERNAME_CALLABLE``: A callable function that takes two arguments: - ``AXES_USERNAME_CALLABLE(request, credentials)``. +* ``AXES_USERNAME_CALLABLE``: A callable or a string path to function that takes + two arguments for user lookups: ``def get_username(request: HttpRequest, credentials: dict) -> str: ...``. + This can be any callable such as ``AXES_USERNAME_CALLABLE = lambda request, credentials: 'username'`` + or a full Python module path to callable such as ``AXES_USERNAME_CALLABLE = 'example.get_username``. The ``request`` is a HttpRequest like object and the ``credentials`` is a dictionary like object. ``credentials`` are the ones that were passed to Django ``authenticate()`` in the login flow. If no function is supplied, Axes fetches the username from the ``credentials`` or ``request.POST`` @@ -268,6 +270,8 @@ These should be defined in your ``settings.py`` file. Default: ``False`` * ``AXES_NEVER_LOCKOUT_WHITELIST``: If ``True``, users can always login from whitelisted IP addresses. Default: ``False`` +* ``AXES_CLIENT_IP_ATTRIBUTE``: A string that is used to lookup and set client IP on the request object. Default: ``'axes_client_ip'`` +* ``AXES_IP_BLACKLIST``: An iterable of IPs to be blacklisted. For example: ``AXES_IP_BLACKLIST = ['0.0.0.0']``. Default: ``None`` * ``AXES_IP_WHITELIST``: An iterable of IPs to be whitelisted. For example: ``AXES_IP_WHITELIST = ['0.0.0.0']``. Default: ``None`` * ``AXES_DISABLE_ACCESS_LOG``: If ``True``, disable all access logging, so the admin interface will be empty. Default: ``False`` * ``AXES_DISABLE_SUCCESS_ACCESS_LOG``: If ``True``, successful logins will not be logged, so the access log shown in the admin interface will only list unsuccessful login attempts. Default: ``False``
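Review bot: In the CHANGES.txt hunk, the relocated "Drop old single-argument signature format" entry describes a breaking change but does not tell upgraders what to do with an existing one-argument callable. Suggest adding a short migration hint, for example that a callable taking only the request must be updated to accept ``(request, credentials)``. In the ``AXES_CLIENT_IP_ATTRIBUTE`` entry, "fetches from and stores client IP addresses" and "request - response cycle" read awkwardly; "the request attribute where Axes stores and reads the client IP address throughout the request-response cycle" says the same thing more clearly.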
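Review bot: In the first docs/configuration.rst hunk (@@ -249), the dotted-path example is missing its closing quote: ``AXES_USERNAME_CALLABLE = 'example.get_username`` should end with ``'example.get_username'``, otherwise anyone copying it into ``settings.py`` gets a syntax error. In the same added lines, "a string path to function" and "module path to callable" want an article ("to a function", "to a callable"). Since the value can now be a string that is imported, the text should also say what happens when the path cannot be imported or the target is not callable, so that a typo in this setting is not mistaken for the documented fallback to ``credentials`` or ``request.POST``.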
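Review bot: In the second docs/configuration.rst hunk (@@ -268), the new ``AXES_IP_BLACKLIST`` line sits directly above ``AXES_IP_WHITELIST`` and uses the same example value ``['0.0.0.0']``, but nothing states which list wins when an address appears in both. Please document the precedence and pick a distinct example address for each list. The CHANGES.txt hunk in this patch lists ``AXES_CLIENT_IP_ATTRIBUTE`` but not ``AXES_IP_BLACKLIST``; if the setting is new in this release it needs a changelog entry, and if it already existed the commit message should say this is a documentation-only addition. The ``AXES_CLIENT_IP_ATTRIBUTE`` description would also benefit from a note that the name should not collide with an attribute that other middleware sets on the request, since Axes both reads and writes it.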