Add warnings that a request is not HttpRequest (and skip failed login checks)

2026-05-21 13:51:53 +00:00 · 2020-12-23 18:58:49 -08:00 · 2020-12-23 18:58:49 -08:00 · 41ed2d42a4
commit 41ed2d42a4
parent 551865d9c2
1 changed files with 7 additions and 0 deletions
--- a/axes/signals.py
+++ b/axes/signals.py
@ -7,6 +7,7 @@ from django.core.cache import cache
 from django.db.models.signals import post_save, post_delete
 from django.dispatch import receiver
 from django.dispatch import Signal
+from django.http import HttpRequest
 from django.utils import timezone

 from axes.conf import settings
@ -52,6 +53,10 @@ def log_user_login_failed(sender, credentials, request, **kwargs):
    if settings.AXES_NEVER_LOCKOUT_WHITELIST and ip_in_whitelist(ip_address):
        return

+    if not isinstance(request, HttpRequest):
+        log.warning("AXES: request is not a real HttpRequest. Skipping...")
+        return
+
    failures = 0
    attempts = get_user_attempts(request)
    cache_hash_key = get_cache_key(request)
@ -138,6 +143,8 @@ def log_user_logged_in(sender, request, user, **kwargs):
    # See oauth2_provider/oauth2_validators.py#L605
    if request is None:
        return
+    if not isinstance(request, HttpRequest):
+        log.warning("AXES: request is not a real HttpRequest")
    username = user.get_username()
    ip_address = get_ip(request)
    user_agent = request_meta_get(request, 'HTTP_USER_AGENT', '<unknown>')[:255]