From eb10ecb44405cb39f66494e693509f3ac11a449b Mon Sep 17 00:00:00 2001 From: Hasan Ramezani Date: Sun, 1 Dec 2019 13:23:16 +0100 Subject: [PATCH] Add comment about caching get_user_attempts output can be dangerous. --- axes/handlers/database.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/axes/handlers/database.py b/axes/handlers/database.py index 214ac1e..9af490a 100644 --- a/axes/handlers/database.py +++ b/axes/handlers/database.py @@ -29,6 +29,9 @@ log = getLogger(settings.AXES_LOGGER) class AxesDatabaseHandler(AxesHandler): # pylint: disable=too-many-locals """ Signal handler implementation that records user login attempts to database and locks users out if necessary. + + .. note:: The get_user_attempts function is called several time during the authentication and lockout + process, caching its output can be dangerous. """ def reset_attempts(self, *, ip_address: str = None, username: str = None) -> int: