Unsuccessful logins are logged even if access log is disabled

axes/decorators.py

@@ -202,7 +202,8 @@ def watch_login(func):
             user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]
             http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')[:1025]
             path_info = request.META.get('PATH_INFO', '<unknown>')[:255]
-            if not getattr(settings, 'AXES_DISABLE_ACCESS_LOG', False):
+            if not getattr(settings, 'AXES_DISABLE_ACCESS_LOG', False) or \
+                    login_unsuccessful:
                 AccessLog.objects.create(
                     user_agent=user_agent,
                     ip_address=get_ip(request),

axes/tests.py

@@ -260,6 +260,14 @@ class AccessAttemptTest(TestCase):
         self.assertEquals(AccessLog.objects.all().count(), 0)
         self.assertContains(response, 'Logged out')
 
+    @override_settings(AXES_DISABLE_ACCESS_LOG=True)
+    def test_valid_logout_without_log(self):
+        AccessLog.objects.all().delete()
+
+        response = self._login(is_valid_username=True, is_valid_password=False)
+
+        self.assertEquals(AccessLog.objects.all().count(), 1)
+
 
 class UtilsTest(TestCase):
     def test_iso8601(self):

docs/configuration.rst

@@ -60,4 +60,4 @@ These should be defined in your ``settings.py`` file.
   Default: ``False``
 * ``AXES_REVERSE_PROXY_HEADER``: If ``AXES_BEHIND_REVERSE_PROXY`` is ``True``, it will look for the IP address from this header.
   Default: ``HTTP_X_FORWARDED_FOR``
-* ``AXES_DISABLE_ACCESS_LOG``: If ``True``, successful logins will not be logged, so the access log shown in the admin interface is empty.
+* ``AXES_DISABLE_ACCESS_LOG``: If ``True``, successful logins will not be logged, so the access log shown in the admin interface will only list unsuccessful login attempts.