From 98d8a29a700b95949bffb7e9ace2313178998aab Mon Sep 17 00:00:00 2001 From: zoten Date: Wed, 20 Aug 2014 10:35:19 +0200 Subject: [PATCH] Log out only if user was logged in Not useful to trigger a logout signal if the user was not authenticated, for logging purposes --- axes/decorators.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/axes/decorators.py b/axes/decorators.py index 9060e46..13f1c4c 100644 --- a/axes/decorators.py +++ b/axes/decorators.py @@ -424,7 +424,8 @@ def check_request(request, login_unsuccessful): if failures > FAILURE_LIMIT and LOCK_OUT_AT_FAILURE and user_lockable: # We log them out in case they actually managed to enter the correct # password - logout(request) + if hasattr(request, 'user') and request.user.is_authenticated(): + logout(request) log.warn('AXES: locked out %s after repeated login attempts.' % (ip_address,)) # send signal when someone is locked out.