From 146d7a20b742a1c117d4bd2c115f71807557bed0 Mon Sep 17 00:00:00 2001
From: Ashok Argent-Katwala <ashok@delphia.com>
Date: Wed, 18 Nov 2020 16:18:48 -0500
Subject: [PATCH] Only do the work in the middleware if axes is enabled.

---
 axes/middleware.py            | 25 +++++++++++++------------
 axes/tests/test_middleware.py |  9 +++++++++
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/axes/middleware.py b/axes/middleware.py
index 87b44d4..a16bd1b 100644
--- a/axes/middleware.py
+++ b/axes/middleware.py
@@ -42,19 +42,20 @@ class AxesMiddleware:
     def __call__(self, request):
         response = self.get_response(request)
 
-        if "rest_framework" in settings.INSTALLED_APPS:
-            AxesProxyHandler.update_request(request)
-            username = get_client_username(request)
-            credentials = get_credentials(username)
-            failures_since_start = AxesProxyHandler.get_failures(request, credentials)
-            if (
-                settings.AXES_LOCK_OUT_AT_FAILURE
-                and failures_since_start >= get_failure_limit(request, credentials)
-            ):
+        if settings.AXES_ENABLED:
+            if "rest_framework" in settings.INSTALLED_APPS:
+                AxesProxyHandler.update_request(request)
+                username = get_client_username(request)
+                credentials = get_credentials(username)
+                failures_since_start = AxesProxyHandler.get_failures(request, credentials)
+                if (
+                    settings.AXES_LOCK_OUT_AT_FAILURE
+                    and failures_since_start >= get_failure_limit(request, credentials)
+                ):
 
-                request.axes_locked_out = True
+                    request.axes_locked_out = True
 
-        if getattr(request, "axes_locked_out", None):
-            response = get_lockout_response(request)  # type: ignore
+            if getattr(request, "axes_locked_out", None):
+                response = get_lockout_response(request)  # type: ignore
 
         return response
diff --git a/axes/tests/test_middleware.py b/axes/tests/test_middleware.py
index 4444df2..ce89956 100644
--- a/axes/tests/test_middleware.py
+++ b/axes/tests/test_middleware.py
@@ -31,6 +31,15 @@ class MiddlewareTestCase(AxesTestCase):
         response = AxesMiddleware(get_response)(self.request)
         self.assertEqual(response.status_code, self.STATUS_LOCKOUT)
 
+    @override_settings(AXES_ENABLED=False)
+    def test_respects_enabled_switch(self):
+        def get_response(request):
+            request.axes_locked_out = True
+            return HttpResponse()
+
+        response = AxesMiddleware(get_response)(self.request)
+        self.assertEqual(response.status_code, self.STATUS_SUCCESS)
+
     @mock.patch("django.conf.settings.INSTALLED_APPS", ["rest_framework"])
     def test_response_contains_required_attrs_with_drf_integration(self):
         def get_response(request):