Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-03-16 22:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Prevent unnecessary save for created object

Browse source
This commit is contained in:
Uli Klank 2021-06-23 20:36:03 +02:00 committed by Aleksi Häkli
parent 8b5b921b71
commit a88366f251
1 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
axes/handlers/database.py
View file

@ -125,7 +125,14 @@ class AxesDatabaseHandler(AbstractAxesHandler, AxesBaseHandler):
username=username,
ip_address=request.axes_ip_address,
user_agent=request.axes_user_agent,
defaults={"failures_since_start": failures_since_start}
defaults={
"get_data": Concat("get_data", Value(separator + get_data)),
"post_data": Concat("post_data", Value(separator + post_data)),
"http_accept": request.axes_http_accept,
"path_info": request.axes_path_info,
"failures_since_start": failures_since_start,
"attempt_time": request.axes_attempt_time
}
)
# Update failed attempt information but do not touch the username, IP address, or user agent fields,
# because attackers can request the site with multiple different configurations
@ -133,14 +140,6 @@ class AxesDatabaseHandler(AbstractAxesHandler, AxesBaseHandler):
separator = "\n---------\n"
attempt.get_data = Concat("get_data", Value(separator + get_data))
attempt.post_data = Concat("post_data", Value(separator + post_data))
attempt.http_accept = request.axes_http_accept
attempt.path_info = request.axes_path_info
if not created:
attempt.failures_since_start += 1
attempt.attempt_time = request.axes_attempt_time
attempt.save()
# Record failed attempt with all the relevant information.
# Filtering based on username, IP address and user agent handled elsewhere,
# and this handler just records the available information for further use.
@ -150,6 +149,14 @@ class AxesDatabaseHandler(AbstractAxesHandler, AxesBaseHandler):
client_str,
)
else:
attempt.get_data = Concat("get_data", Value(separator + get_data))
attempt.post_data = Concat("post_data", Value(separator + post_data))
attempt.http_accept = request.axes_http_accept
attempt.path_info = request.axes_path_info
attempt.failures_since_start += 1
attempt.attempt_time = request.axes_attempt_time
attempt.save()
log.warning(
"AXES: Repeated login failure by %s. Count = %d of %d. Updating existing record in the database.",
client_str,