Handle request is None

`django.contrib.auth.authenticate` has an optional request parameter, but
can still signal for failed logins.

axes/signals.py

@@ -38,6 +38,11 @@ def request_meta_get(request, key, default_value=None):
 def log_user_login_failed(sender, credentials, request, **kwargs):
     """ Create an AccessAttempt record if the login wasn't successful
     """
+    # django-oauth-toolkit 1.1.3 calls authenticate without a request object
+    # (oauth2_provider/oauth2_validators.py#L605). Without request info, not
+    # much we can do here to track this.
+    if request is None:
+        return
     ip_address = get_ip(request)
     username = credentials.get('username', None)
     user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]
@@ -129,6 +134,10 @@ def log_user_login_failed(sender, credentials, request, **kwargs):
 def log_user_logged_in(sender, request, user, **kwargs):
     """ When a user logs in, update the access log
     """
+    # django-oauth-toolkit 1.1.3 calls authenticate without a request object
+    # See oauth2_provider/oauth2_validators.py#L605
+    if request is None:
+        return
     username = user.get_username()
     ip_address = get_ip(request)
     user_agent = request_meta_get(request, 'HTTP_USER_AGENT', '<unknown>')[:255]

axes/utils.py

@@ -52,6 +52,9 @@ def is_ipv6(ip):
 def get_ip(request):
     """Parse IP address from REMOTE_ADDR or
     AXES_REVERSE_PROXY_HEADER if AXES_BEHIND_REVERSE_PROXY is set."""
+    # django-oauth-toolkit 1.1.3 calls authenticate without a request object, let's not crash
+    if request is None:
+        return ''
     request_meta = getattr(request, "META", {})
     if not request_meta:
         request_meta = getattr(request, "headers", {})