Fixes#1280
- Use SimpleLazyObject to defer get_user_model() evaluation
- Prevents circular import when custom user models import from axes
- Add test coverage for lazy evaluation in test_conf.py
BREAKING CHANGE: add `AXES_LOCKOUT_PARAMETERS` flag which accepts an iterable of keys or a callable that resolves an iterable.
The key can be a string (represents a single parameter) or an Iterable of strings (represents a combined parameter).
For example, using this parameters
```python
AXES_LOCKOUT_PARAMETERS = [
"ip_address",
("username", "user_agent"),
]
```
axes will block users by IP and/or combination of username and user agent
Problem: When `AXES_ENABLED == False` we still see log output because `AXES_VERBOSE == True`.
Solution: Change `AXES_VERBOSE` default so that if django-axes is disabled then we don't output to stdout.
Fixes#634
The Django import system seems to produce errors
in certain configurations and especially when
MIGRATION_MODULES configuration is set globally.
This is most probably caused by misbehaving or cyclic
Python module imports in the Django application
instrumentatation chain that come up when the
MIGRATION_MODULES configuration is altered.
This patch migrates to the standard Python logging system
use and has less overhead and complexity for users as well.
Having a configurable logging prefix does not produce
a lot of benefits and is less flexible than having
all individual module logging configurations accessible
through the module __name__ parameter in Axes.
For example axes.handlers.* or axes.backends.*
are separately configurable in the new scheme
whereas they would have been both bundled under
the AXES_LOGGER log configuration.
AXES_ENABLED = False can be used to toggle
the plugin off in tests which use the built-in
Django test client login, force_login and logout
methods which do not supply a request views.
Fixes#433
New Django deprecates six usage and the new
django-appconf version offers six internally,
being compatible with new Django versions.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Implement forwards compatibility for missing
django.utils.six package imports on Django 2.2
Relates to django-compressor/django-appconf#44
and can be removed after django-appconf
has received a new release which deprecates
the use of the integrated Django six library
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Define a base handler API with method signatures
- Move proxy handler to a separate path for importability
- Implement a database handler with clean external dependencies
- Change the authentication backend and decorators to use the authentication backend
This enables clean pluggable authentication backend definitions that users
can override and specialize with e.g. cached handlers in their own packages.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Move cache and cool off utility functions to the axes.utils module
- Clean up axes.attempts duplicate code in attempt and cache calculations
- Add stable implementation for AccessAttempt attribute calculation
in the axes.attempts.get_filter_kwargs function
Fixes#398
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Implements a proxied API which enables overriding
a handler backend with a user supplied implementation.
Fixes#399
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
