From 268f7d8a3b7674810102286ed7fd7674fed16630 Mon Sep 17 00:00:00 2001 From: Sylwester Gruszka Date: Sun, 14 Jan 2018 22:10:53 +0100 Subject: [PATCH 1/2] docs instructions on allauth integration --- docs/usage.rst | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/docs/usage.rst b/docs/usage.rst index d43fbec..c588c1c 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -120,3 +120,56 @@ them as per the example. urlpatterns = [ path('login/', Login.as_view(), name='login'), ] + +Integration with django-allauth +------------------------------- + +``axes`` rely on having login id stored under ``AXES_USERNAME_FORM_FIELD`` key +both in ``request.POST`` and in ``credentials`` dict passed to +``user_login_failed`` signal. This is not the case with ``allauth``. +They allways use ``login`` key in post POST data but it becomes ``username`` +key in ``credentials`` dict in signal handler. + +To overcome this you need to use custom login form that duplicates the value +of ``username`` key under a ``login`` key in that dict +(and set ``AXES_USERNAME_FORM_FIELD = 'login'``). + +You also need to decorate ``dispatch()`` and ``form_invalid()`` methods +of ``allauth``'s login view. By default ``axes`` is patching only the +``LoginView`` from ``django.contrib.auth`` app - with ``allauth`` you have to +do it yourself. + +*settings.py:*:: + + AXES_USERNAME_FORM_FIELD = 'login' + +*forms.py:*:: + + from allauth.account.forms import LoginForm + + class AllauthCompatLoginForm(LoginForm): + def user_credentials(self): + credentials = super(AllauthCompatLoginForm, self).user_credentials() + credentials['login'] = credentials.get('email') or credentials.get('username') + return credentials + +*urls.py:*:: + + from allauth.account.views import LoginView + from axes.decorators import axes_dispatch + from axes.decorators import axes_form_invalid + from django.utils.decorators import method_decorator + + from my_app.forms import AllauthCompatLoginForm + + LoginView.dispatch = method_decorator(axes_dispatch)(LoginView.dispatch) + LoginView.form_invalid = method_decorator(axes_form_invalid)(LoginView.form_invalid) + + urlpatterns = [ + ... + url(r'^accounts/login/$', # Override allauth's default view with our compatibility mod + LoginView.as_view(form_class=AllauthCompatLoginForm), + name="account_login"), + url(r'^accounts/', include('allauth.urls')), + ... + ] From 4c67d4187f284b0ee520cec9508df25a1261785c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksi=20H=C3=A4kli?= Date: Mon, 15 Jan 2018 13:06:53 +0200 Subject: [PATCH 2/2] Update documentation Clean up syntax for allauth examples --- docs/usage.rst | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/usage.rst b/docs/usage.rst index c588c1c..aa08cb8 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -112,7 +112,7 @@ them as per the example. ) return HttpResponse(status=403) -*urls.py:*:: +*urls.py:* :: from django.urls import path from myapp.views import Login @@ -124,10 +124,10 @@ them as per the example. Integration with django-allauth ------------------------------- -``axes`` rely on having login id stored under ``AXES_USERNAME_FORM_FIELD`` key +``axes`` relies on having login information stored under ``AXES_USERNAME_FORM_FIELD`` key both in ``request.POST`` and in ``credentials`` dict passed to ``user_login_failed`` signal. This is not the case with ``allauth``. -They allways use ``login`` key in post POST data but it becomes ``username`` +``allauth`` always uses ``login`` key in post POST data but it becomes ``username`` key in ``credentials`` dict in signal handler. To overcome this you need to use custom login form that duplicates the value @@ -135,15 +135,15 @@ of ``username`` key under a ``login`` key in that dict (and set ``AXES_USERNAME_FORM_FIELD = 'login'``). You also need to decorate ``dispatch()`` and ``form_invalid()`` methods -of ``allauth``'s login view. By default ``axes`` is patching only the -``LoginView`` from ``django.contrib.auth`` app - with ``allauth`` you have to -do it yourself. +of the ``allauth`` login view. By default ``axes`` is patching only the +``LoginView`` from ``django.contrib.auth`` app and with ``allauth`` you have to +do the patching of views yourself. -*settings.py:*:: +*settings.py:* :: AXES_USERNAME_FORM_FIELD = 'login' -*forms.py:*:: +*forms.py:* :: from allauth.account.forms import LoginForm @@ -153,7 +153,7 @@ do it yourself. credentials['login'] = credentials.get('email') or credentials.get('username') return credentials -*urls.py:*:: +*urls.py:* :: from allauth.account.views import LoginView from axes.decorators import axes_dispatch @@ -166,10 +166,10 @@ do it yourself. LoginView.form_invalid = method_decorator(axes_form_invalid)(LoginView.form_invalid) urlpatterns = [ - ... - url(r'^accounts/login/$', # Override allauth's default view with our compatibility mod + # ... + url(r'^accounts/login/$', # Override allauth's default view with a patched view LoginView.as_view(form_class=AllauthCompatLoginForm), name="account_login"), url(r'^accounts/', include('allauth.urls')), - ... + # ... ]