From c7e79aeaf2afcf36041e13f9d79c8a4e9b26cb4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksi=20H=C3=A4kli?= Date: Sun, 23 Dec 2018 16:04:56 +0100 Subject: [PATCH] Remove unused AccessAttempt.trusted flag Fixes #344 --- axes/admin.py | 1 - axes/attempts.py | 25 ++++++++----------- .../0005_remove_accessattempt_trusted.py | 17 +++++++++++++ axes/models.py | 14 +++++------ 4 files changed, 34 insertions(+), 23 deletions(-) create mode 100644 axes/migrations/0005_remove_accessattempt_trusted.py diff --git a/axes/admin.py b/axes/admin.py index 9c61ced..af416b3 100644 --- a/axes/admin.py +++ b/axes/admin.py @@ -47,7 +47,6 @@ class AccessAttemptAdmin(admin.ModelAdmin): 'user_agent', 'ip_address', 'username', - 'trusted', 'http_accept', 'path_info', 'attempt_time', diff --git a/axes/attempts.py b/axes/attempts.py index 4fe7725..bfbbbad 100644 --- a/axes/attempts.py +++ b/axes/attempts.py @@ -23,15 +23,15 @@ def _query_user_attempts(request, credentials=None): elif settings.AXES_USE_USER_AGENT: ua = request.META.get('HTTP_USER_AGENT', '')[:255] attempts = AccessAttempt.objects.filter( - user_agent=ua, ip_address=ip, username=username, trusted=True + user_agent=ua, ip_address=ip, username=username ) else: attempts = AccessAttempt.objects.filter( - ip_address=ip, username=username, trusted=True + ip_address=ip, username=username ) if not attempts: - params = {'trusted': False} + params = {} if settings.AXES_ONLY_USER_FAILURES: params['username'] = username 
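Review bot: In `_query_user_attempts`, dropping `trusted=True` from the two `AccessAttempt.objects.filter(...)` calls means the ip/username (and user-agent) lookup can now return rows, and whenever it does the `if not attempts:` fallback that builds `params` from settings such as `AXES_ONLY_USER_FAILURES` is skipped. If `trusted` was never set to True, as the commit title implies, the old first lookup was always empty and the settings-driven query was the effective one; after this change the failure count for a username may end up scoped to a single IP, which would weaken lockout against guesses spread over many addresses. Either remove the first lookup so that `params` is the only filter, or add a regression test with `AXES_ONLY_USER_FAILURES` enabled asserting that failures for one username from two IPs are returned together. The function starts before this hunk and its leading `if` branch is not visible, so this needs confirming against the full body.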
@@ -109,18 +109,13 @@ def get_user_attempts(request, credentials=None): for attempt in attempts: if attempt.attempt_time + cool_off < timezone.now(): - if attempt.trusted: - attempt.failures_since_start = 0 - attempt.save() - get_axes_cache().set(cache_hash_key, 0, cache_timeout) - else: - attempt.delete() - force_reload = True - failures_cached = get_axes_cache().get(cache_hash_key) - if failures_cached is not None: - get_axes_cache().set( - cache_hash_key, failures_cached - 1, cache_timeout - ) + attempt.delete() + force_reload = True + failures_cached = get_axes_cache().get(cache_hash_key) + if failures_cached is not None: + get_axes_cache().set( + cache_hash_key, failures_cached - 1, cache_timeout + ) # If objects were deleted, we need to update the queryset to reflect this, # so force a reload. diff --git a/axes/migrations/0005_remove_accessattempt_trusted.py b/axes/migrations/0005_remove_accessattempt_trusted.py new file mode 100644 index 0000000..10db717 --- /dev/null +++ b/axes/migrations/0005_remove_accessattempt_trusted.py @@ -0,0 +1,17 @@ +# Generated by Django 2.1.4 on 2018-12-23 09:03 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('axes', '0004_auto_20181024_1538'), + ] + + operations = [ + migrations.RemoveField( + model_name='accessattempt', + name='trusted', + ), + ] diff --git a/axes/models.py b/axes/models.py index bc13844..2a6c1de 100644 --- a/axes/models.py +++ b/axes/models.py @@ -24,13 +24,6 @@ class CommonAccess(models.Model): db_index=True, ) - # Once a user logs in from an ip, that combination is trusted and not - # locked out in case of a distributed attack - trusted = models.BooleanField( - default=False, - db_index=True, - ) - http_accept = models.CharField( _('HTTP Accept'), max_length=1025, 
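Review bot: The cache update after `attempt.delete()` writes `failures_cached - 1` with no lower bound and as a separate get-then-set, so the cached failure counter can drift from the stored attempts: it can go below zero, or lose an update when two requests expire records at the same time. This counter presumably feeds the lockout decision, so an undercount delays lockout; clamping the value, e.g. `cache_hash_key, max(failures_cached - 1, 0), cache_timeout`, removes the negative case. A comment should also say why expiry subtracts exactly one per deleted row instead of resetting the key, as the removed `trusted` branch did with `set(cache_hash_key, 0, cache_timeout)`. The enclosing loop and `get_user_attempts` begin outside the hunk.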
@@ -78,6 +71,13 @@ class AccessAttempt(CommonAccess): class AccessLog(CommonAccess): + # Once a user logs in from an ip, that combination is trusted and not + # locked out in case of a distributed attack + trusted = models.BooleanField( + default=False, + db_index=True, + ) + logout_time = models.DateTimeField( _('Logout Time'), null=True,
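Review bot: The comment moved onto `AccessLog.trusted` still says a trusted user/IP combination is "not locked out in case of a distributed attack", but after this commit the lookups in axes/attempts.py no longer read `trusted`, so as far as this patch shows the flag has no effect on lockout. Someone auditing the lockout rules could read the comment as a guarantee; reword it to something like `# Legacy flag kept on AccessLog only; not consulted by the lockout checks in attempts.py`, or remove the field here too if nothing else reads it. `db_index=True` on a boolean that is no longer queried is also worth reconsidering. Whether modules outside this patch use `AccessLog.trusted` is not visible here.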