#1093: "AXES_SENSITIVE_PARAMETERS" now have sensible defaults to follow "privacy-by-design"

Ronny Vedrilla 2023-07-27 09:25:08 +02:00 committed by Aleksi Häkli
parent ab78724518
commit e9db2d9631
3 changed files with 5 additions and 2 deletions


@ -124,7 +124,7 @@ settings.AXES_ALLOWED_CORS_ORIGINS = getattr(settings, "AXES_ALLOWED_CORS_ORIGIN
settings.AXES_SENSITIVE_PARAMETERS = getattr(
settings,
"AXES_SENSITIVE_PARAMETERS",
[],
["username", "ip_address"],
)
# set the callable for the readable string that can be used in
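Review bot: The new fallback list in the `getattr` call silently changes what existing deployments write to their login-attempt logs (values of `username` and `ip_address` become masked), and none of the three files in this commit is a changelog, so the only place a reader learns why is the commit title. A why-comment above the call would carry that intent into the code: `# Privacy-by-design default: mask "username" and "ip_address" values in logged request parameters (AXES_PASSWORD_FORM_FIELD is always masked in addition); set AXES_SENSITIVE_PARAMETERS = [] to log them.` Whether `ip_address` is really a GET/POST parameter name that reaches the cleansing code, rather than an attribute derived from the request, is not visible in this hunk — worth confirming so the default is not a no-op for that key. Note that the default only applies when the setting is absent; a project that already defines an empty list keeps logging these values, which is the intended opt-out.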


@ -59,7 +59,7 @@ The following ``settings.py`` options are available for customizing Axes behavio
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| AXES_PASSWORD_FORM_FIELD | 'password' | The name of the form or credentials field that contains your users password. |
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| AXES_SENSITIVE_PARAMETERS | [] | Configures POST and GET parameter values (in addition to the value of ``AXES_PASSWORD_FORM_FIELD``) to mask in login attempt logging. |
| AXES_SENSITIVE_PARAMETERS | ["username", "ip_address"] | Configures POST and GET parameter values (in addition to the value of ``AXES_PASSWORD_FORM_FIELD``) to mask in login attempt logging. Defaults enable privacy-by-design. |
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| AXES_NEVER_LOCKOUT_GET | False | If ``True``, Axes will never lock out HTTP GET requests. |
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+


@ -82,6 +82,7 @@ class TimestampTestCase(AxesTestCase):
self.assertEqual(get_cool_off_iso8601(delta), iso_duration)
@override_settings(AXES_SENSITIVE_PARAMETERS=[])
class ClientStringTestCase(AxesTestCase):
@staticmethod
def get_expected_client_str(*args, **kwargs):
@ -1020,6 +1021,7 @@ class AxesCleanseParamsTestCase(AxesTestCase):
"other_sensitive_data": "sensitive",
}
@override_settings(AXES_SENSITIVE_PARAMETERS=[])
def test_cleanse_parameters(self):
cleansed = cleanse_parameters(self.parameters)
self.assertEqual("test_user", cleansed["username"])
@ -1041,6 +1043,7 @@ class AxesCleanseParamsTestCase(AxesTestCase):
self.assertEqual("********************", cleansed["password"])
self.assertEqual("********************", cleansed["other_sensitive_data"])
@override_settings(AXES_SENSITIVE_PARAMETERS=[])
@override_settings(AXES_PASSWORD_FORM_FIELD=None)
def test_cleanse_parameters_override_empty(self):
cleansed = cleanse_parameters(self.parameters)
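Review bot: Every new `@override_settings(AXES_SENSITIVE_PARAMETERS=[])` in this file (the `ClientStringTestCase` class decorator and the two `test_cleanse_parameters*` methods) pins the old behaviour so existing assertions keep passing, but nothing in the commit exercises the new default itself, so a regression that drops `"username"` from the fallback list would go unnoticed. Adding one un-overridden test in `AxesCleanseParamsTestCase` that asserts `cleansed["username"]` is masked would cover the feature this commit introduces; it assumes the mask string for `username` is the same `"********************"` used for `password` on the lines above, which is inferred rather than visible here. Minor style point on the last hunk: the two stacked decorators can be one call, `@override_settings(AXES_SENSITIVE_PARAMETERS=[], AXES_PASSWORD_FORM_FIELD=None)`. The body of `test_cleanse_parameters_override_empty` continues past the end of the hunk.
```python
    def test_cleanse_parameters_default_masks_username(self):
        # No override: exercises the privacy-by-design default list.
        cleansed = cleanse_parameters(self.parameters)
        self.assertEqual("********************", cleansed["username"])
        self.assertEqual("********************", cleansed["password"])
        self.assertEqual("********************", cleansed["other_sensitive_data"])
```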