Remove unused AccessAttempt.trusted flag

Fixes #344
2026-03-16 22:30:23 +00:00 · 2018-12-23 16:04:56 +01:00 · 2018-12-23 16:04:56 +01:00 · c7e79aeaf2
commit c7e79aeaf2
parent b28ece3dae
4 changed files with 34 additions and 23 deletions
--- a/axes/admin.py
+++ b/axes/admin.py
@ -47,7 +47,6 @@ class AccessAttemptAdmin(admin.ModelAdmin):
        'user_agent',
        'ip_address',
        'username',
-        'trusted',
        'http_accept',
        'path_info',
        'attempt_time',
--- a/axes/attempts.py
+++ b/axes/attempts.py
@ -23,15 +23,15 @@ def _query_user_attempts(request, credentials=None):
    elif settings.AXES_USE_USER_AGENT:
        ua = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]
        attempts = AccessAttempt.objects.filter(
-            user_agent=ua, ip_address=ip, username=username, trusted=True
+            user_agent=ua, ip_address=ip, username=username
        )
    else:
        attempts = AccessAttempt.objects.filter(
-            ip_address=ip, username=username, trusted=True
+            ip_address=ip, username=username
        )

    if not attempts:
-        params = {'trusted': False}
+        params = {}

        if settings.AXES_ONLY_USER_FAILURES:
            params['username'] = username
@ -109,18 +109,13 @@ def get_user_attempts(request, credentials=None):

        for attempt in attempts:
            if attempt.attempt_time + cool_off < timezone.now():
-                if attempt.trusted:
-                    attempt.failures_since_start = 0
-                    attempt.save()
-                    get_axes_cache().set(cache_hash_key, 0, cache_timeout)
-                else:
-                    attempt.delete()
-                    force_reload = True
-                    failures_cached = get_axes_cache().get(cache_hash_key)
-                    if failures_cached is not None:
-                        get_axes_cache().set(
-                            cache_hash_key, failures_cached - 1, cache_timeout
-                        )
+                attempt.delete()
+                force_reload = True
+                failures_cached = get_axes_cache().get(cache_hash_key)
+                if failures_cached is not None:
+                    get_axes_cache().set(
+                        cache_hash_key, failures_cached - 1, cache_timeout
+                    )

    # If objects were deleted, we need to update the queryset to reflect this,
    # so force a reload.
--- a/axes/migrations/0005_remove_accessattempt_trusted.py
+++ b/axes/migrations/0005_remove_accessattempt_trusted.py
@ -0,0 +1,17 @@
+# Generated by Django 2.1.4 on 2018-12-23 09:03
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('axes', '0004_auto_20181024_1538'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='accessattempt',
+            name='trusted',
+        ),
+    ]
--- a/axes/models.py
+++ b/axes/models.py
@ -24,13 +24,6 @@ class CommonAccess(models.Model):
        db_index=True,
    )

-    # Once a user logs in from an ip, that combination is trusted and not
-    # locked out in case of a distributed attack
-    trusted = models.BooleanField(
-        default=False,
-        db_index=True,
-    )
-
    http_accept = models.CharField(
        _('HTTP Accept'),
        max_length=1025,
@ -78,6 +71,13 @@ class AccessAttempt(CommonAccess):


 class AccessLog(CommonAccess):
+    # Once a user logs in from an ip, that combination is trusted and not
+    # locked out in case of a distributed attack
+    trusted = models.BooleanField(
+        default=False,
+        db_index=True,
+    )
+
    logout_time = models.DateTimeField(
        _('Logout Time'),
        null=True,