From 551865d9c28181ab9be6bff44c0f983dc7fbef74 Mon Sep 17 00:00:00 2001 From: Gert Van Gool Date: Wed, 23 Dec 2020 15:53:38 -0800 Subject: [PATCH] Failed logins can also be called with a wrong request object --- axes/signals.py | 8 ++++---- axes/utils.py | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/axes/signals.py b/axes/signals.py index 1066571..99887b5 100644 --- a/axes/signals.py +++ b/axes/signals.py @@ -29,7 +29,7 @@ user_locked_out = Signal(providing_args=['request', 'username', 'ip_address']) def request_meta_get(request, key, default_value=None): meta = getattr(request, 'META', {}) if not meta: - # oauth2_provider package stores META in headers + # oauthlib uses custom request object with Django's `META` in `headers` attribute meta = getattr(request, 'headers', {}) return meta.get(key, default_value) @@ -45,9 +45,9 @@ def log_user_login_failed(sender, credentials, request, **kwargs): return ip_address = get_ip(request) username = credentials.get('username', None) - user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] - path_info = request.META.get('PATH_INFO', '')[:255] - http_accept = request.META.get('HTTP_ACCEPT', '')[:1025] + user_agent = request_meta_get(request, 'HTTP_USER_AGENT', '')[:255] + path_info = request_meta_get(request, 'PATH_INFO', '')[:255] + http_accept = request_meta_get(request, 'HTTP_ACCEPT', '')[:1025] if settings.AXES_NEVER_LOCKOUT_WHITELIST and ip_in_whitelist(ip_address): return diff --git a/axes/utils.py b/axes/utils.py index 8c0ca50..0c80f3a 100644 --- a/axes/utils.py +++ b/axes/utils.py @@ -57,6 +57,7 @@ def get_ip(request): return '' request_meta = getattr(request, "META", {}) if not request_meta: + # oauthlib uses custom request object with Django's `META` in `headers` request_meta = getattr(request, "headers", {}) if settings.AXES_BEHIND_REVERSE_PROXY: # For requests originating from behind a reverse proxy,