Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-11 09:03:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
430 commits 8 branches 163 tags 4.7 MiB
Commit graph

430 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jack Sullivan
4783787c6d Fixed UTF-8 encoding bug. 2017-04-26 09:11:11 -07:00
Jack Sullivan
c86ad06d9d Fixed #222, cache blocks by user only and ip+user 
Cache hash keys now include usernames. The axes settings
AXES_ONLY_USER_FAILURES and LOCK_OUT_BY_COMBINATION_USER_AND_IP
are checked to decide which request attributes to include in
generated cache hash keys.
 2017-04-22 19:19:48 -07:00
Jack Sullivan
1ed448d02f Test blocking configs, using the cache. 
Added 12 tests that verify lockouts for default, AXES_ONLY_USER_FAILURES,
and LOCK_OUT_BY_COMBINATION_USER_AND_IP settings, under four conditions
each: same/different user, and same/different IP address. These tests
verify the cache functionality.
 2017-04-22 18:59:32 -07:00
Jack Sullivan
ad170dabcb ONLY_USER works when cache is disabled 
The _get_user_attempts function now checks for AXES_ONLY_USER_FAILURES,
and only includes the IP when AXES_ONLY_USER_FAILURES = False.
 2017-04-22 18:53:59 -07:00
Jack Sullivan
fb205cc95c Test blocking configs, without the cache enabled. 
Added 12 tests that verify lockouts for default, AXES_ONLY_USER_FAILURES,
and LOCK_OUT_BY_COMBINATION_USER_AND_IP settings, under four conditions
each: same/different user, and same/different IP address.

Truth Table:

  ¦ ¦ ¦ ¦ ¦ ¦ ¦User       IP           Action
  ¦ ¦ ¦ ¦ ¦ ¦|--------------------------------
IP Only      | Same       Same         Block
(Default)    | Same       Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Same         Block
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦|--------------------------------
User Only    | Same       Same         Block
  ¦ ¦ ¦ ¦ ¦ ¦| Same       Different    Block
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Same         Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦|--------------------------------
User and IP  | Same       Same         Block
  ¦ ¦ ¦ ¦ ¦ ¦| Same       Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Same         Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Different    Allow
 2017-04-22 18:48:31 -07:00
Jack Sullivan
9de8b356a6 Using @patch instead of @override_settings 
Axes configuration values are pulled from axes.settings, into axes.decorators.
Using @override_settings wasn't setting AXES_ONLY_USER_FAILURES. Patching
the decorator in the test set the value correctly.
 2017-04-22 18:15:28 -07:00
Camilo Nova
153623ada3 Merge pull request #226 from aleksihakli/logging 
Improve Logging
 2017-04-07 08:53:56 -05:00
Aleksi Häkli
4dfaa13c9a Add AXES: prefix to all log values for consistency 2017-04-06 19:52:17 +03:00
Aleksi Häkli
64924be83c Fixed #221 -- Add AXES_NUM_PROXIES setting 
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
 2017-04-06 19:50:54 +03:00
Camilo Nova
bcba54ba7a Merge pull request #216 from Maplecroft/master 
Log failed access attempts regardless of settings
 2017-01-13 07:52:31 -05:00
James Rutherford
a2efeeb018 Log failed access attempts regardless of settings 
Fixes #212
 2017-01-12 15:59:46 +00:00
Camilo Nova
fd8cf9aede Merge pull request #214 from wearespindle/master 
Updated configuration docs to include AXES_IP_WHITELIST
 2016-12-16 13:43:19 -05:00
Yi Ming Yung
e5999aff35 Updated configuration docs to include AXES_IP_WHITELIST 2016-12-16 11:44:49 +01:00
Camilo Nova
ca55a6ef16 Merge pull request #197 from jorlugaqui/cache-attemps 
WP: Cache failures in cache
 2016-12-08 10:20:47 -05:00
Jorge Galvis
de9fe09f5c Add test for get_cache_key function 2016-12-06 21:36:49 -05:00
Jorge Galvis
f277007e46 Delete cache key in reset command line 2016-12-06 20:01:44 -05:00
Jorge Galvis
5b791f65f4 Add signals for setting/deleting cache keys 2016-12-06 19:41:04 -05:00
Jorge Galvis
2357a4616b Make it Python3 compatible 2016-12-06 18:08:13 -05:00
Jorge Galvis
19affea1ba Merge branch 'master' into cache-attemps 2016-12-06 17:51:19 -05:00
Jorge Galvis
187195664b Fix tests after apply cache workflow 2016-12-06 16:46:16 -05:00
Camilo Nova
634c542dad Bump version 2016-11-24 08:55:38 -05:00
Camilo Nova
8fde5cf658 Merge pull request #207 from schinckel/only-check-on-post 
Only look for lockable users on a POST.
 2016-11-24 08:49:10 -05:00
Camilo Nova
a418304d80 Merge pull request #209 from Vincit/master 
Fix and add tests for IPv4 and IPv6 parsing from proxy X-Forwarded-For headers
 2016-11-24 08:46:38 -05:00
Aleksi Häkli
41877cdecd Fix and add tests for IPv4 and IPv6 parsing 
This patch does not fix IPv6 parsing with ports
 2016-11-21 21:33:55 +02:00
Matthew Schinckel
90bf691e17 Fix failing test. 
I think I'm just ensuring test coverage is not reduced now.
 2016-11-17 16:57:12 +10:30
Matthew Schinckel
ddfd53d678 More tests. Still not entirely sure where I'm going with this yet. 2016-11-17 16:53:15 +10:30
Matthew Schinckel
68c7128885 Playing around with different is_user_lockable ideas. 2016-11-17 16:46:30 +10:30
Matthew Schinckel
c94e381bb7 Only look for lockable users on a POST. 
Resolves #205.
 2016-11-17 16:23:42 +10:30
Camilo Nova
ef3d527bee Bump version 2016-11-12 16:06:49 -05:00
Camilo Nova
1c0e468f40 Merge pull request #203 from benkonrath/patch-1 
Update configuration.rst
 2016-11-12 16:00:05 -05:00
Ben Konrath
acbccda6f5 Update configuration.rst 2016-11-10 13:05:00 +01:00
Camilo Nova
a1ed57cbf0 Merge pull request #202 from samkuehn/master 
Fix for #201
 2016-11-07 11:10:12 -05:00
Sam Kuehn
610f04120f fix python3 import 2016-11-07 09:02:13 -07:00
Sam Kuehn
a32f030c6a fix exception too broad 2016-11-04 15:27:19 -06:00
Sam Kuehn
7e6ac85d4e fix #201 error: illegal IP address string passed to inet_pton 2016-11-04 14:59:42 -06:00
Sam Kuehn
c86f234a3a add test for is_ipv6 2016-11-04 14:54:03 -06:00
Camilo Nova
8c3093c1b2 Merge pull request #200 from wearespindle/master 
Added proper DISABLE_ACCESS_LOG. (With succeeding test suite)
 2016-11-04 15:33:13 -05:00
Yi Ming Yung
b49e685603 Added settings for disabling success accesslogs and added complete disabling of accesslogs 2016-11-04 14:09:48 +01:00
Yi Ming Yung
c65a09d679 Merge remote-tracking branch 'upstream/master' 2016-11-04 13:27:07 +01:00
Jannis Leidel
d07a5e09fb Removed Travis PyPI deploy due to brokeness of password handling 2016-11-04 12:56:01 +01:00
Jannis Leidel
9420290542 Yet another try. 2016-11-04 12:42:11 +01:00
Jannis Leidel
2689e46f91 Fix PyPI password again 
This referes to https://github.com/travis-ci/dpl/issues/377 basically
 2016-11-04 12:32:28 +01:00
Jannis Leidel
5869ce037a Add Django 1.10 to test matrix 2016-11-04 12:31:59 +01:00
Jannis Leidel
10208e7d70 Update changelog and pump version to 2.3.0 2016-11-04 12:02:26 +01:00
Jannis Leidel
08690d9db1 Fix Travis creds and release conditions 2016-11-04 11:54:17 +01:00
Jorge Galvis
14950ee83a WP: Cache failures in cache 2016-11-02 00:25:32 -05:00
Sobolev Nikita
8cd326f099 Updated readme.rst with svg badge 2016-10-27 20:13:02 +03:00
Camilo Nova
f8d1031fdb Merge pull request #196 from vladimirnani/patch-1 
Reset lockouts for user
 2016-10-24 14:03:22 -05:00
Vladimir Nani
9c8ab657ba Reset lockouts for user 2016-10-24 12:24:32 +03:00
Camilo Nova
b6139ff80d Merge pull request #195 from EvaMarques/patch-1 
Fix bug when using the optional IP parameter
 2016-09-28 11:14:02 -05:00