Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-11 17:13:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
447 commits 8 branches 163 tags 4.7 MiB
Commit graph

447 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jack Sullivan
6f1e1c1d34 Fixed extra typo. 2017-05-17 12:19:43 -07:00
Camilo Nova
4835e90990 Merge pull request #229 from HuntedCodes/logging-conf 
Logging respects configuration settings
 2017-05-16 15:01:59 -05:00
Jack Sullivan
4711fb88ff Boosting code coverage 2017-05-13 13:24:23 -07:00
Jack Sullivan
25e5757aff Merge branch 'master' into logging-conf 
Conflicts:
	axes/tests.py
 2017-05-13 11:55:53 -07:00
Camilo Nova
8b4ca6e538 Added pytz as a requirement. Fixes #230 2017-05-09 18:52:18 -05:00
Camilo Nova
49cbf128e5 Merge pull request #228 from HuntedCodes/block-configs 
Fixes #222, and robust testing for lockout conditions
 2017-05-09 09:35:22 -05:00
Camilo Nova
a64b479817 Merge pull request #225 from aleksihakli/xff 
Fixed #224 -- Add AXES_NUM_PROXIES setting
 2017-05-09 09:34:21 -05:00
Jack Sullivan
3b4f8fb7b3 Handles successful AJAX logins. 2017-04-26 14:17:24 -07:00
Jack Sullivan
95917a951e In tests, only set cooldown if testing it 
The results for the cache unit tests were inconsistent, sometimes
blocking and other time allowing. The source of the non-determinism
was the COOLDOWN_TIME set to 2 seconds in the test. If a test took
slightly longer than the cooldown time, it would fail. Testing times
on Travis CI vary with each build, and would produce unreliable
results.

Now all tests have no cooldown period, except when the cooldown
itself is being tested. This ensures accurate and predicable test
results.
 2017-04-26 12:49:44 -07:00
Jack Sullivan
98b82dd27d Fixed path_info formatting. 2017-04-26 09:37:11 -07:00
Jack Sullivan
4783787c6d Fixed UTF-8 encoding bug. 2017-04-26 09:11:11 -07:00
Jack Sullivan
082c6ac35d Boosting code coverage. 2017-04-25 15:21:41 -07:00
Jack Sullivan
ebf9ca89ee Added user agent and verbose logging. 2017-04-25 14:47:33 -07:00
Jack Sullivan
765fddb64a Log successful auth if configured 
When AXES_DISABLE_SUCCESS_ACCESS_LOG=False, write a log that
successful authentication has happened, along with client info.
 2017-04-25 13:49:43 -07:00
Jack Sullivan
4d4b1d233f Factored out logging into functions 2017-04-25 12:50:24 -07:00
Jack Sullivan
55e83bd629 Log messages based on config settings 2017-04-25 12:49:53 -07:00
Jack Sullivan
c86ad06d9d Fixed #222, cache blocks by user only and ip+user 
Cache hash keys now include usernames. The axes settings
AXES_ONLY_USER_FAILURES and LOCK_OUT_BY_COMBINATION_USER_AND_IP
are checked to decide which request attributes to include in
generated cache hash keys.
 2017-04-22 19:19:48 -07:00
Jack Sullivan
1ed448d02f Test blocking configs, using the cache. 
Added 12 tests that verify lockouts for default, AXES_ONLY_USER_FAILURES,
and LOCK_OUT_BY_COMBINATION_USER_AND_IP settings, under four conditions
each: same/different user, and same/different IP address. These tests
verify the cache functionality.
 2017-04-22 18:59:32 -07:00
Jack Sullivan
ad170dabcb ONLY_USER works when cache is disabled 
The _get_user_attempts function now checks for AXES_ONLY_USER_FAILURES,
and only includes the IP when AXES_ONLY_USER_FAILURES = False.
 2017-04-22 18:53:59 -07:00
Jack Sullivan
fb205cc95c Test blocking configs, without the cache enabled. 
Added 12 tests that verify lockouts for default, AXES_ONLY_USER_FAILURES,
and LOCK_OUT_BY_COMBINATION_USER_AND_IP settings, under four conditions
each: same/different user, and same/different IP address.

Truth Table:

  ¦ ¦ ¦ ¦ ¦ ¦ ¦User       IP           Action
  ¦ ¦ ¦ ¦ ¦ ¦|--------------------------------
IP Only      | Same       Same         Block
(Default)    | Same       Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Same         Block
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦|--------------------------------
User Only    | Same       Same         Block
  ¦ ¦ ¦ ¦ ¦ ¦| Same       Different    Block
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Same         Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦|--------------------------------
User and IP  | Same       Same         Block
  ¦ ¦ ¦ ¦ ¦ ¦| Same       Different    Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Same         Allow
  ¦ ¦ ¦ ¦ ¦ ¦| Different  Different    Allow
 2017-04-22 18:48:31 -07:00
Jack Sullivan
9de8b356a6 Using @patch instead of @override_settings 
Axes configuration values are pulled from axes.settings, into axes.decorators.
Using @override_settings wasn't setting AXES_ONLY_USER_FAILURES. Patching
the decorator in the test set the value correctly.
 2017-04-22 18:15:28 -07:00
Aleksi Häkli
919df8ebf7 Add tests for proxy number parametrization 2017-04-10 11:47:44 +03:00
Aleksi Häkli
1b10e54611 Fixed #224 -- Add AXES_NUM_PROXIES setting 
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
 2017-04-10 11:47:44 +03:00
Camilo Nova
153623ada3 Merge pull request #226 from aleksihakli/logging 
Improve Logging
 2017-04-07 08:53:56 -05:00
Aleksi Häkli
4dfaa13c9a Add AXES: prefix to all log values for consistency 2017-04-06 19:52:17 +03:00
Aleksi Häkli
64924be83c Fixed #221 -- Add AXES_NUM_PROXIES setting 
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
 2017-04-06 19:50:54 +03:00
Camilo Nova
bcba54ba7a Merge pull request #216 from Maplecroft/master 
Log failed access attempts regardless of settings
 2017-01-13 07:52:31 -05:00
James Rutherford
a2efeeb018 Log failed access attempts regardless of settings 
Fixes #212
 2017-01-12 15:59:46 +00:00
Camilo Nova
fd8cf9aede Merge pull request #214 from wearespindle/master 
Updated configuration docs to include AXES_IP_WHITELIST
 2016-12-16 13:43:19 -05:00
Yi Ming Yung
e5999aff35 Updated configuration docs to include AXES_IP_WHITELIST 2016-12-16 11:44:49 +01:00
Camilo Nova
ca55a6ef16 Merge pull request #197 from jorlugaqui/cache-attemps 
WP: Cache failures in cache
 2016-12-08 10:20:47 -05:00
Jorge Galvis
de9fe09f5c Add test for get_cache_key function 2016-12-06 21:36:49 -05:00
Jorge Galvis
f277007e46 Delete cache key in reset command line 2016-12-06 20:01:44 -05:00
Jorge Galvis
5b791f65f4 Add signals for setting/deleting cache keys 2016-12-06 19:41:04 -05:00
Jorge Galvis
2357a4616b Make it Python3 compatible 2016-12-06 18:08:13 -05:00
Jorge Galvis
19affea1ba Merge branch 'master' into cache-attemps 2016-12-06 17:51:19 -05:00
Jorge Galvis
187195664b Fix tests after apply cache workflow 2016-12-06 16:46:16 -05:00
Camilo Nova
634c542dad Bump version 2016-11-24 08:55:38 -05:00
Camilo Nova
8fde5cf658 Merge pull request #207 from schinckel/only-check-on-post 
Only look for lockable users on a POST.
 2016-11-24 08:49:10 -05:00
Camilo Nova
a418304d80 Merge pull request #209 from Vincit/master 
Fix and add tests for IPv4 and IPv6 parsing from proxy X-Forwarded-For headers
 2016-11-24 08:46:38 -05:00
Aleksi Häkli
41877cdecd Fix and add tests for IPv4 and IPv6 parsing 
This patch does not fix IPv6 parsing with ports
 2016-11-21 21:33:55 +02:00
Matthew Schinckel
90bf691e17 Fix failing test. 
I think I'm just ensuring test coverage is not reduced now.
 2016-11-17 16:57:12 +10:30
Matthew Schinckel
ddfd53d678 More tests. Still not entirely sure where I'm going with this yet. 2016-11-17 16:53:15 +10:30
Matthew Schinckel
68c7128885 Playing around with different is_user_lockable ideas. 2016-11-17 16:46:30 +10:30
Matthew Schinckel
c94e381bb7 Only look for lockable users on a POST. 
Resolves #205.
 2016-11-17 16:23:42 +10:30
Camilo Nova
ef3d527bee Bump version 2016-11-12 16:06:49 -05:00
Camilo Nova
1c0e468f40 Merge pull request #203 from benkonrath/patch-1 
Update configuration.rst
 2016-11-12 16:00:05 -05:00
Ben Konrath
acbccda6f5 Update configuration.rst 2016-11-10 13:05:00 +01:00
Camilo Nova
a1ed57cbf0 Merge pull request #202 from samkuehn/master 
Fix for #201
 2016-11-07 11:10:12 -05:00
Sam Kuehn
610f04120f fix python3 import 2016-11-07 09:02:13 -07:00