check for lockout immediately, rather than mucking with the database.

This has the side effect that a locked-out user attempting to log in does
not reset their cooloff time. This is good, since the reverse may feel
overly 'punitive' to the user.
This commit is contained in:
Mike Blume 2010-09-15 03:39:24 +00:00
parent 8a4f146cb3
commit a27ac6444b


@ -99,6 +99,23 @@ def watch_login(func):
if attempt:
failures = attempt.failures_since_start
# no matter what, we want to lock them out
# if they're past the number of attempts allowed
if failures > FAILURE_LIMIT:
if LOCK_OUT_AT_FAILURE:
if COOLOFF_TIME:
response = HttpResponse("Account locked: too many login attempts. "
"Please try again later."
)
else:
response = HttpResponse("Account locked: too many login attempts. "
"Contact an admin to unlock your account."
)
# We log them out in case they actually managed to enter
# the correct password.
logout(request)
return response
if login_unsuccessful:
# add a failed attempt for this user
failures += 1
@ -140,21 +157,6 @@ def watch_login(func):
failures_since_start=failures
)
# no matter what, we want to lock them out
# if they're past the number of attempts allowed
if failures > FAILURE_LIMIT:
if LOCK_OUT_AT_FAILURE:
if COOLOFF_TIME:
response = HttpResponse("Account locked: too many login attempts. "
"Please try again later."
)
else:
response = HttpResponse("Account locked: too many login attempts. "
"Contact an admin to unlock your account."
)
# We log them out in case they actually managed to enter
# the correct password.
logout(request)
return response
return decorated_login
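Review bot: The moved lockout check still runs after the wrapped login view has been invoked — the `logout(request)` and its comment "in case they actually managed to enter the correct password" only make sense if the credential check and session creation have already happened by the time `failures > FAILURE_LIMIT` is evaluated — so a locked-out account's password is still verified and a session is briefly created (with whatever login signals and last-login updates that entails) before being torn down; the start of `decorated_login`, where the wrapped view is presumably called, lies outside this hunk, so I am inferring this from the comment rather than seeing the call. The stronger fix is to look up the attempt and return the lockout `HttpResponse` before calling the wrapped view at all, which also removes the need for `logout(request)`. Separately, because the check now precedes `failures += 1`, the failed attempt that pushes the count past `FAILURE_LIMIT` receives the ordinary login-failure response and the lockout response only on the next request; if same-request lockout is intended, re-check after the increment, otherwise note it with a comment such as `# lockout takes effect on the request after the threshold is crossed`.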