Issue #155. Lockout response status code changed to 403.

2026-05-13 10:03:12 +00:00 · 2016-05-12 23:01:18 +03:00 · 2016-05-12 23:01:18 +03:00 · cef95f8bc3
commit cef95f8bc3
parent 5d3b03ef37
2 changed files with 9 additions and 8 deletions
--- a/axes/decorators.py
+++ b/axes/decorators.py
@ -103,7 +103,7 @@ def is_valid_public_ip(ip_address):
    if not is_valid_ip(ip_address):
        return False
    PRIVATE_IPS_PREFIX = (
-        '10.', 
+        '10.',
        '172.16.', '172.17.', '172.18.', '172.19.', '172.20.', '172.21.', '172.22.',
        '172.23.', '172.24.', '172.25.', '172.26.', '172.27.', '172.28.', '172.29.',
        '172.30.', '172.31.',
@ -358,7 +358,7 @@ def lockout_response(request):
        }
        template = get_template(LOCKOUT_TEMPLATE)
        content = template.render(context, request)
-        return HttpResponse(content)
+        return HttpResponse(content, status=403)

    LOCKOUT_URL = get_lockout_url()
    if LOCKOUT_URL:
@ -366,10 +366,11 @@ def lockout_response(request):

    if COOLOFF_TIME:
        return HttpResponse("Account locked: too many login attempts.  "
-                            "Please try again later.")
+                            "Please try again later.", status=403)
    else:
        return HttpResponse("Account locked: too many login attempts.  "
-                            "Contact an admin to unlock your account.")
+                            "Contact an admin to unlock your account.",
+                            status=403)


 def is_already_locked(request):
--- a/axes/tests.py
+++ b/axes/tests.py
@ -78,7 +78,7 @@ class AccessAttemptTest(TestCase):
        # So, we shouldn't have gotten a lock-out yet.
        # But we should get one now
        response = self._login()
-        self.assertContains(response, self.LOCKED_MESSAGE)
+        self.assertContains(response, self.LOCKED_MESSAGE, status_code=403)

    def test_failure_limit_many(self):
        """Tests the login lock trying to login a lot of times more
@ -93,7 +93,7 @@ class AccessAttemptTest(TestCase):
        # We should get a locked message each time we try again
        for i in range(0, random.randrange(1, FAILURE_LIMIT)):
            response = self._login()
-            self.assertContains(response, self.LOCKED_MESSAGE)
+            self.assertContains(response, self.LOCKED_MESSAGE, status_code=403)

    def test_valid_login(self):
        """Tests a valid login for a real username
@ -145,7 +145,7 @@ class AccessAttemptTest(TestCase):
        for i in range(0, FAILURE_LIMIT + 1):
            response = self._login(user_agent=long_user_agent)

-        self.assertContains(response, self.LOCKED_MESSAGE)
+        self.assertContains(response, self.LOCKED_MESSAGE, status_code=403)

    def test_reset_ip(self):
        """Tests if can reset an ip address
@ -208,7 +208,7 @@ class AccessAttemptTest(TestCase):
        # So, we shouldn't have gotten a lock-out yet.
        # But we should get one now
        response = self._login(is_valid_username=True, is_valid_password=False)
-        self.assertContains(response, self.LOCKED_MESSAGE)
+        self.assertContains(response, self.LOCKED_MESSAGE, status_code=403)

    def test_log_data_truncated(self):
        """Tests that query2str properly truncates data to the max_length (default 1024)