From 41ed2d42a4baa2494e9988795446b29d8a9adcf0 Mon Sep 17 00:00:00 2001 From: Gert Van Gool Date: Wed, 23 Dec 2020 18:58:49 -0800 Subject: [PATCH] Add warnings that a request is not HttpRequest (and skip failed login checks) --- axes/signals.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/axes/signals.py b/axes/signals.py index 99887b5..99b9433 100644 --- a/axes/signals.py +++ b/axes/signals.py @@ -7,6 +7,7 @@ from django.core.cache import cache from django.db.models.signals import post_save, post_delete from django.dispatch import receiver from django.dispatch import Signal +from django.http import HttpRequest from django.utils import timezone from axes.conf import settings @@ -52,6 +53,10 @@ def log_user_login_failed(sender, credentials, request, **kwargs): if settings.AXES_NEVER_LOCKOUT_WHITELIST and ip_in_whitelist(ip_address): return + if not isinstance(request, HttpRequest): + log.warning("AXES: request is not a real HttpRequest. Skipping...") + return + failures = 0 attempts = get_user_attempts(request) cache_hash_key = get_cache_key(request) @@ -138,6 +143,8 @@ def log_user_logged_in(sender, request, user, **kwargs): # See oauth2_provider/oauth2_validators.py#L605 if request is None: return + if not isinstance(request, HttpRequest): + log.warning("AXES: request is not a real HttpRequest") username = user.get_username() ip_address = get_ip(request) user_agent = request_meta_get(request, 'HTTP_USER_AGENT', '')[:255]