From ae49f3bdae26b9404f83cd7023f3cb39b8b75278 Mon Sep 17 00:00:00 2001
From: Anatoly <anatoly@cryptosphere-systems.com>
Date: Wed, 7 Oct 2020 15:45:29 +0200
Subject: [PATCH] Update django request in the AxesMiddleware if drf is used

---
 axes/middleware.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/axes/middleware.py b/axes/middleware.py
index 4ec1c0e..f686a1f 100644
--- a/axes/middleware.py
+++ b/axes/middleware.py
@@ -1,6 +1,15 @@
 from typing import Callable
 
-from axes.helpers import get_lockout_response
+from django.conf import settings
+
+from axes.helpers import (
+    get_lockout_response,
+    get_failure_limit,
+    get_client_username,
+    get_credentials,
+)
+
+from axes.handlers.proxy import AxesProxyHandler
 
 
 class AxesMiddleware:
@@ -29,6 +38,21 @@ class AxesMiddleware:
     def __call__(self, request):
         response = self.get_response(request)
 
+        if "rest_framework" in settings.INSTALLED_APPS:
+            AxesProxyHandler.update_request(request)
+            username = get_client_username(request)
+            credentials = get_credentials(username)
+            failures_since_start = AxesProxyHandler.get_failures(
+                request, credentials
+            )
+            if (
+                settings.AXES_LOCK_OUT_AT_FAILURE
+                and failures_since_start
+                >= get_failure_limit(request, credentials)
+            ):
+
+                request.axes_locked_out = True
+
         if getattr(request, "axes_locked_out", None):
             response = get_lockout_response(request)  # type: ignore