From 82ca671f94a305217d242a64d771850ef913ca06 Mon Sep 17 00:00:00 2001
From: Gert Van Gool
Date: Wed, 23 Dec 2020 15:52:58 -0800
Subject: [PATCH] Handle request is None
`django.contrib.auth.authenticate` has an optional request parameter, but can still signal for failed logins.
---
 axes/signals.py | 9 +++++++++
 axes/utils.py | 3 +++
 2 files changed, 12 insertions(+)
diff --git a/axes/signals.py b/axes/signals.py
index 60aab6c..1066571 100644
--- a/axes/signals.py
+++ b/axes/signals.py
@@ -38,6 +38,11 @@ def request_meta_get(request, key, default_value=None):
 def log_user_login_failed(sender, credentials, request, **kwargs):
 """ Create an AccessAttempt record if the login wasn't successful """
+ # django-oauth-toolkit 1.1.3 calls authenticate without a request object
+ # (oauth2_provider/oauth2_validators.py#L605). Without request info, not
+ # much we can do here to track this.
+ if request is None:
+ return
 ip_address = get_ip(request)
 username = credentials.get('username', None)
 user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
@@ -129,6 +134,10 @@ def log_user_login_failed(sender, credentials, request, **kwargs):
 def log_user_logged_in(sender, request, user, **kwargs):
 """ When a user logs in, update the access log """
+ # django-oauth-toolkit 1.1.3 calls authenticate without a request object
+ # See oauth2_provider/oauth2_validators.py#L605
+ if request is None:
+ return
 username = user.get_username()
 ip_address = get_ip(request)
 user_agent = request_meta_get(request, 'HTTP_USER_AGENT', '')[:255]
diff --git a/axes/utils.py b/axes/utils.py
index bbc1c78..8c0ca50 100644
--- a/axes/utils.py
+++ b/axes/utils.py
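Review bot: In axes/signals.py, the new `if request is None: return` guard in log_user_login_failed drops the failed attempt silently, so any authentication path that calls authenticate() without a request (the comment names django-oauth-toolkit 1.1.3) gets no AccessAttempt record and, presumably, no lockout counting; the same silent return is added to log_user_logged_in in the next hunk. Since `credentials` is still available at that point, I would leave a trace before returning, e.g. `logging.getLogger(__name__).warning('AXES: failed login for %s without request object; attempt not tracked', credentials.get('username'))` (or the module's own logger, if it has one), so the untracked path shows up in monitoring. The project documentation should also state that backends which authenticate without a request are outside the brute-force protection. Both function bodies continue outside their hunks.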
@@ -52,6 +52,9 @@ def is_ipv6(ip):
 def get_ip(request):
 """Parse IP address from REMOTE_ADDR or AXES_REVERSE_PROXY_HEADER if AXES_BEHIND_REVERSE_PROXY is set."""
+ # django-oauth-toolkit 1.1.3 calls authenticate without a request object, let's not crash
+ if request is None:
+ return ''
 request_meta = getattr(request, "META", {})
 if not request_meta:
 request_meta = getattr(request, "headers", {})
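Review bot: Returning `''` from get_ip when request is None gives callers a value that is neither an address nor an explicit "unknown", and the docstring does not mention it. Both signal handlers touched by this patch return before they call get_ip, so this branch only matters for callers outside the diff; any of them that stores the result or keys a lockout or whitelist check on it would treat all request-less attempts as one client with an empty address. I would extend the docstring with `Returns '' when request is None; callers must not use it as a lockout or whitelist key.` and confirm that the remaining callers check for the empty value. The body of get_ip continues outside the hunk.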