AXES_ENABLED = False can be used to toggle
the plugin off in tests which use the built-in
Django test client login, force_login and logout
methods which do not supply a request views.
Fixes#433
In order to offer backwards compatible import path for the
axes.utils.reset function it has to have a separate
implementation that can be imported independently from
the axes.helpers functions that are used by the
AxesBaseHandler implementation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Define a base handler API with method signatures
- Move proxy handler to a separate path for importability
- Implement a database handler with clean external dependencies
- Change the authentication backend and decorators to use the authentication backend
This enables clean pluggable authentication backend definitions that users
can override and specialize with e.g. cached handlers in their own packages.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Move cache and cool off utility functions to the axes.utils module
- Clean up axes.attempts duplicate code in attempt and cache calculations
- Add stable implementation for AccessAttempt attribute calculation
in the axes.attempts.get_filter_kwargs function
Fixes#398
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Implements a proxied API which enables overriding
a handler backend with a user supplied implementation.
Fixes#399
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Fixes#389
Remove monkey-patching from the application loader phase
and use the Django authentication stack for lockout signals.
Utilize custom AUTHENTICATION_BACKENDS and MIDDLEWARE with signals
with backwards compatible implementation of features.
Update documentation, configuration and migration instructions
to match the new configuration and improve the code commentation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Revert some of the PR changes to tests to make sure that all of the
old format function invocations work with the old and new tests.
Implement small enchancements to documentation and credentials resolving
for usability and flexibility with custom authentication backends.
Update documentation to indicate that backwards compatibility
is supported as well as the new format credentials invocations.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
AXES_USERNAME_CALLABLE now gets two parameters and
AXES_PASSWORD_FORM_FIELD applies to the credentials dictionary first and only uses the POST fields as a fallback anymore
