From cef95f8bc3fc9cd5513863f43ebf1c763ad3c6a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=83=D1=80=20=D0=9C=D1=83=D0=BB=D0=BB?= =?UTF-8?q?=D0=B0=D1=85=D0=BC=D0=B5=D1=82=D0=BE=D0=B2?= Date: Thu, 12 May 2016 23:01:18 +0300 Subject: [PATCH] Issue #155. Lockout response status code changed to 403. --- axes/decorators.py | 9 +++++---- axes/tests.py | 8 ++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/axes/decorators.py b/axes/decorators.py index 036fe08..21cb6b6 100644 --- a/axes/decorators.py +++ b/axes/decorators.py @@ -103,7 +103,7 @@ def is_valid_public_ip(ip_address): if not is_valid_ip(ip_address): return False PRIVATE_IPS_PREFIX = ( - '10.', + '10.', '172.16.', '172.17.', '172.18.', '172.19.', '172.20.', '172.21.', '172.22.', '172.23.', '172.24.', '172.25.', '172.26.', '172.27.', '172.28.', '172.29.', '172.30.', '172.31.', @@ -358,7 +358,7 @@ def lockout_response(request): } template = get_template(LOCKOUT_TEMPLATE) content = template.render(context, request) - return HttpResponse(content) + return HttpResponse(content, status=403) LOCKOUT_URL = get_lockout_url() if LOCKOUT_URL: @@ -366,10 +366,11 @@ def lockout_response(request): if COOLOFF_TIME: return HttpResponse("Account locked: too many login attempts. " - "Please try again later.") + "Please try again later.", status=403) else: return HttpResponse("Account locked: too many login attempts. " - "Contact an admin to unlock your account.") + "Contact an admin to unlock your account.", + status=403) def is_already_locked(request): diff --git a/axes/tests.py b/axes/tests.py index b847bd5..cf638b7 100644 --- a/axes/tests.py +++ b/axes/tests.py 
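Review bot: The statement under `if LOCKOUT_URL:` sits between the `@@ -358` and `@@ -366` hunks of axes/decorators.py and is not touched by this commit, so if that branch returns a redirect, deployments that configure a lockout URL will still not answer a lockout with 403. Log or WAF rules that count lockouts by status would then miss that path; I would state this above the branch, e.g. `# NOTE: the LOCKOUT_URL path does not itself return 403; the target page should.` The literal `403` is also written three times across these two hunks, and a single module-level constant would keep the template and plain-text paths in step. lockout_response starts above the `@@ -358` hunk, so its docstring, if any, is not visible here.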
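Review bot: In the `@@ -366` hunk both plain-text returns now use the same status that Django's CSRF middleware sends for a rejected POST, so on the login URL a 403 alone does not identify a lockout. Anyone alerting on this status has to match the response body or a server-side log entry as well. A short comment above the `if COOLOFF_TIME:` block would record that, e.g. `# 403 is shared with CSRF failures; do not treat the status alone as a lockout signal.` This is a documentation point only, and the hunk's code is otherwise consistent with the commit subject.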
@@ -78,7 +78,7 @@ class AccessAttemptTest(TestCase): # So, we shouldn't have gotten a lock-out yet. # But we should get one now response = self._login() - self.assertContains(response, self.LOCKED_MESSAGE) + self.assertContains(response, self.LOCKED_MESSAGE, status_code=403) def test_failure_limit_many(self): """Tests the login lock trying to login a lot of times more @@ -93,7 +93,7 @@ class AccessAttemptTest(TestCase): # We should get a locked message each time we try again for i in range(0, random.randrange(1, FAILURE_LIMIT)): response = self._login() - self.assertContains(response, self.LOCKED_MESSAGE) + self.assertContains(response, self.LOCKED_MESSAGE, status_code=403) def test_valid_login(self): """Tests a valid login for a real username @@ -145,7 +145,7 @@ class AccessAttemptTest(TestCase): for i in range(0, FAILURE_LIMIT + 1): response = self._login(user_agent=long_user_agent) - self.assertContains(response, self.LOCKED_MESSAGE) + self.assertContains(response, self.LOCKED_MESSAGE, status_code=403) def test_reset_ip(self): """Tests if can reset an ip address @@ -208,7 +208,7 @@ class AccessAttemptTest(TestCase): # So, we shouldn't have gotten a lock-out yet. # But we should get one now response = self._login(is_valid_username=True, is_valid_password=False) - self.assertContains(response, self.LOCKED_MESSAGE) + self.assertContains(response, self.LOCKED_MESSAGE, status_code=403) def test_log_data_truncated(self): """Tests that query2str properly truncates data to the max_length (default 1024)
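Review bot: All four updated assertions in axes/tests.py (`@@ -78`, `@@ -93`, `@@ -145`, `@@ -208`) check the 403 only together with `self.LOCKED_MESSAGE`, which appears to be the plain-text branch of lockout_response. Nothing in these hunks exercises the `LOCKOUT_TEMPLATE` branch that the same commit switched to `status=403`, nor the `LOCKOUT_URL` branch. Assuming the rest of the suite has no such case, a test that runs with a lockout template configured and asserts `self.assertEqual(response.status_code, 403)` would pin that path. The test methods begin and end outside these hunks, so existing coverage elsewhere in the file cannot be ruled out from here.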