Merge pull request #392 from jazzband/development

Remove AccessAttempt.trusted flag and clean up CI setup and README
2026-03-16 22:30:23 +00:00 · 2019-01-14 15:22:56 +02:00 · 2019-01-14 15:22:56 +02:00 · 60f2a8ed71
commit 60f2a8ed71
parent 4a29d5a8fc d9d6c31309
6 changed files with 59 additions and 27 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -31,10 +31,11 @@ after_success:
 deploy:
  provider: pypi
  user: jazzband
-  server: https://jazzband.co/projects/django-axes/upload
-  distributions: sdist bdist_wheel
  password:
    secure: TCH5tGIggL2wsWce2svMwpEpPiwVOYqq1R3uSBTexszleP0OafNq/wZk2KZEReR5w1Aq68qp5F5Eeh2ZjJTq4f9M4LtTvqQzrmyNP55DYk/uB1rBJm9b4gBgMtAknxdI2g7unkhQEDo4suuPCVofM7rrDughySNpmvlUQYDttHQ=
+  server: https://jazzband.co/projects/django-axes/upload
+  distributions: sdist bdist_wheel
+  skip_existing: true
  on:
    tags: true
    repo: jazzband/django-axes
--- a/README.rst
+++ b/README.rst
@ -25,11 +25,31 @@ sort of a geeky pun, since ``axes`` can be read interpreted as:
  definition) your website. Hilarious, right? That's what I thought too!


+Documentation
+-------------
+
 For more information see the documentation at:

 https://django-axes.readthedocs.io/

-If you have questions or have trouble using the app please file a bug report
-at:
+
+Issues
+------
+
+If you have questions or have trouble using the app please file a bug report at:

 https://github.com/jazzband/django-axes/issues
+
+
+Contributing
+------------
+
+Open issues and pull requests against the ``development`` branch.
+
+Please separate proposed changes into small, different patches by type
+so that they can be merged faster into upstream and released quicker:
+
+* Feature
+* Bugfix
+* Documentation
+* Code style and whitespace
--- a/axes/admin.py
+++ b/axes/admin.py
@ -47,7 +47,6 @@ class AccessAttemptAdmin(admin.ModelAdmin):
        'user_agent',
        'ip_address',
        'username',
-        'trusted',
        'http_accept',
        'path_info',
        'attempt_time',
--- a/axes/attempts.py
+++ b/axes/attempts.py
@ -23,15 +23,15 @@ def _query_user_attempts(request, credentials=None):
    elif settings.AXES_USE_USER_AGENT:
        ua = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]
        attempts = AccessAttempt.objects.filter(
-            user_agent=ua, ip_address=ip, username=username, trusted=True
+            user_agent=ua, ip_address=ip, username=username
        )
    else:
        attempts = AccessAttempt.objects.filter(
-            ip_address=ip, username=username, trusted=True
+            ip_address=ip, username=username
        )

    if not attempts:
-        params = {'trusted': False}
+        params = {}

        if settings.AXES_ONLY_USER_FAILURES:
            params['username'] = username
@ -109,18 +109,13 @@ def get_user_attempts(request, credentials=None):

        for attempt in attempts:
            if attempt.attempt_time + cool_off < timezone.now():
-                if attempt.trusted:
-                    attempt.failures_since_start = 0
-                    attempt.save()
-                    get_axes_cache().set(cache_hash_key, 0, cache_timeout)
-                else:
-                    attempt.delete()
-                    force_reload = True
-                    failures_cached = get_axes_cache().get(cache_hash_key)
-                    if failures_cached is not None:
-                        get_axes_cache().set(
-                            cache_hash_key, failures_cached - 1, cache_timeout
-                        )
+                attempt.delete()
+                force_reload = True
+                failures_cached = get_axes_cache().get(cache_hash_key)
+                if failures_cached is not None:
+                    get_axes_cache().set(
+                        cache_hash_key, failures_cached - 1, cache_timeout
+                    )

    # If objects were deleted, we need to update the queryset to reflect this,
    # so force a reload.
--- a/axes/migrations/0005_remove_accessattempt_trusted.py
+++ b/axes/migrations/0005_remove_accessattempt_trusted.py
@ -0,0 +1,17 @@
+# Generated by Django 2.1.4 on 2018-12-23 09:03
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('axes', '0004_auto_20181024_1538'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='accessattempt',
+            name='trusted',
+        ),
+    ]
--- a/axes/models.py
+++ b/axes/models.py
@ -24,13 +24,6 @@ class CommonAccess(models.Model):
        db_index=True,
    )

-    # Once a user logs in from an ip, that combination is trusted and not
-    # locked out in case of a distributed attack
-    trusted = models.BooleanField(
-        default=False,
-        db_index=True,
-    )
-
    http_accept = models.CharField(
        _('HTTP Accept'),
        max_length=1025,
@ -78,6 +71,13 @@ class AccessAttempt(CommonAccess):


 class AccessLog(CommonAccess):
+    # Once a user logs in from an ip, that combination is trusted and not
+    # locked out in case of a distributed attack
+    trusted = models.BooleanField(
+        default=False,
+        db_index=True,
+    )
+
    logout_time = models.DateTimeField(
        _('Logout Time'),
        null=True,