Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-22 06:11:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
452 commits 10 branches 163 tags 4.7 MiB
Commit graph

139 commits

Author SHA1 Message Date
Camilo Nova
ba37442252 Added support for Django signals, big code refactor and improvements 2017-11-17 17:15:34 -05:00
Jack Sullivan
6f1e1c1d34 Fixed extra typo. 2017-05-17 12:19:43 -07:00
Jack Sullivan
25e5757aff Merge branch 'master' into logging-conf 
Conflicts:
	axes/tests.py
 2017-05-13 11:55:53 -07:00
Camilo Nova
49cbf128e5 Merge pull request #228 from HuntedCodes/block-configs 
Fixes #222, and robust testing for lockout conditions
 2017-05-09 09:35:22 -05:00
Jack Sullivan
3b4f8fb7b3 Handles successful AJAX logins. 2017-04-26 14:17:24 -07:00
Jack Sullivan
98b82dd27d Fixed path_info formatting. 2017-04-26 09:37:11 -07:00
Jack Sullivan
4783787c6d Fixed UTF-8 encoding bug. 2017-04-26 09:11:11 -07:00
Jack Sullivan
ebf9ca89ee Added user agent and verbose logging. 2017-04-25 14:47:33 -07:00
Jack Sullivan
765fddb64a Log successful auth if configured 
When AXES_DISABLE_SUCCESS_ACCESS_LOG=False, write a log that
successful authentication has happened, along with client info.
 2017-04-25 13:49:43 -07:00
Jack Sullivan
4d4b1d233f Factored out logging into functions 2017-04-25 12:50:24 -07:00
Jack Sullivan
55e83bd629 Log messages based on config settings 2017-04-25 12:49:53 -07:00
Jack Sullivan
c86ad06d9d Fixed #222, cache blocks by user only and ip+user 
Cache hash keys now include usernames. The axes settings
AXES_ONLY_USER_FAILURES and LOCK_OUT_BY_COMBINATION_USER_AND_IP
are checked to decide which request attributes to include in
generated cache hash keys.
 2017-04-22 19:19:48 -07:00
Jack Sullivan
ad170dabcb ONLY_USER works when cache is disabled 
The _get_user_attempts function now checks for AXES_ONLY_USER_FAILURES,
and only includes the IP when AXES_ONLY_USER_FAILURES = False.
 2017-04-22 18:53:59 -07:00
Aleksi Häkli
1b10e54611 Fixed #224 -- Add AXES_NUM_PROXIES setting 
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
 2017-04-10 11:47:44 +03:00
Aleksi Häkli
4dfaa13c9a Add AXES: prefix to all log values for consistency 2017-04-06 19:52:17 +03:00
Aleksi Häkli
64924be83c Fixed #221 -- Add AXES_NUM_PROXIES setting 
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
 2017-04-06 19:50:54 +03:00
James Rutherford
a2efeeb018 Log failed access attempts regardless of settings 
Fixes #212
 2017-01-12 15:59:46 +00:00
Jorge Galvis
2357a4616b Make it Python3 compatible 2016-12-06 18:08:13 -05:00
Jorge Galvis
19affea1ba Merge branch 'master' into cache-attemps 2016-12-06 17:51:19 -05:00
Camilo Nova
8fde5cf658 Merge pull request #207 from schinckel/only-check-on-post 
Only look for lockable users on a POST.
 2016-11-24 08:49:10 -05:00
Aleksi Häkli
41877cdecd Fix and add tests for IPv4 and IPv6 parsing 
This patch does not fix IPv6 parsing with ports
 2016-11-21 21:33:55 +02:00
Matthew Schinckel
68c7128885 Playing around with different is_user_lockable ideas. 2016-11-17 16:46:30 +10:30
Matthew Schinckel
c94e381bb7 Only look for lockable users on a POST. 
Resolves #205.
 2016-11-17 16:23:42 +10:30
Sam Kuehn
a32f030c6a fix exception too broad 2016-11-04 15:27:19 -06:00
Sam Kuehn
7e6ac85d4e fix #201 error: illegal IP address string passed to inet_pton 2016-11-04 14:59:42 -06:00
Yi Ming Yung
b49e685603 Added settings for disabling success accesslogs and added complete disabling of accesslogs 2016-11-04 14:09:48 +01:00
Jorge Galvis
14950ee83a WP: Cache failures in cache 2016-11-02 00:25:32 -05:00
Camilo Nova
790f451092 Merge pull request #193 from slurms/master 
Fix #192 -- AXES_DISABLE_ACCESS_LOG doesn't work.
 2016-09-23 11:56:34 -05:00
Nick Sandford
99807d0a1b Fix #192 -- AXES_DISABLE_ACCESS_LOG doesn't work. 2016-09-23 14:58:29 +01:00
lip77us
cad837aac9 Added AXES_ONLY_USER_FAILURES to support only looking at the user ID and not the IP address. I needed to add this for offices that use the same IP. One user was locking the whole office out of my application. Tests updated as well. 2016-09-22 12:35:51 -07:00
Camilo Nova
a5624646fb Merge pull request #188 from Dmitri-Sintsov/master 
Removed ipaddress module dependency.
 2016-08-22 10:55:45 -05:00
Dmitriy Sintsov
3cf1d03774 Use socket.inet_pton() to detect workaround for axes_accesslog.ip_address 'inet' field type insert error when running behind IIS as reverse proxy which adds port number to client address in X_FORWARDED_FOR HTTP header. 2016-08-22 11:53:05 +03:00
Dmitriy Sintsov
d772717314 Use backport of ipaddress module for Python 2.x: https://github.com/phihag/ipaddress 2016-08-20 14:02:28 +03:00
Dmitriy Sintsov
50b9d97281 Detect IPv6 addresses in decorators.get_ip() when running behind reverse proxy. 2016-08-20 11:44:20 +03:00
Camilo Nova
b9d5fae32a Fix for IIS used as reverse proxy. Closes #184 2016-08-18 10:55:27 -05:00
Dmitriy Sintsov
4d8caa3e03 Fix for IIS used as reverse proxy adding port number to 'HTTP_X_FORWARDED_FOR' header causing axes_accesslog.ip_address table insertion error. 2016-08-17 16:22:57 +03:00
Sven Hertle
65ed32f866 Unsuccessful logins are logged even if access log is disabled 2016-08-11 12:45:53 +02:00
Sven Hertle
6b1c5787dc fixed tests 2016-08-10 17:18:57 +02:00
Sven Hertle
2b86159a40 Added possibility to disable access log 2016-08-10 16:35:02 +02:00
Camilo Nova
0239e173e0 🔥 Clean weird logic when processing proxy ips 2016-07-20 11:38:37 -05:00
Camilo Nova
08f40bc13b 🔥 Cleaning 2016-06-24 09:42:18 -05:00
Camilo Nova
19f4e709e8 🔥 Do some cleaning 2016-06-24 08:41:24 -05:00
Camilo Nova
a87ffa6874 Merge pull request #158 from mullakhmetov/json-response-type 
Added JSON response type.
 2016-06-07 09:12:10 -05:00
Joeri Bekker
99fd05e68c Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. 2016-06-02 13:40:31 +02:00
Artur Mullakhmetov
5627d1c285 Merge remote-tracking branch 'upstream/master' into json-response-type 
# Conflicts:
#	axes/decorators.py
 2016-05-30 16:36:39 +03:00
Artur Mullakhmetov
06a97de5d9 Edit json response. Context now contains ISO 8601 formatted cooloff time. 2016-05-30 16:05:10 +03:00
Radosław Luter
dfc2a50f2c use render shortcut for rendering LOCKOUT_TEMPLATE 2016-05-20 17:44:20 +02:00
Артур Муллахметов
2643de5e59 Add humanize COOLOFF_TIME output. Additional in HttpReponse case, 
substitutive in JSON response case.
 2016-05-13 11:50:17 +03:00
Артур Муллахметов
4e8f94d7c2 Add json response on ajax request. 2016-05-13 11:15:38 +03:00
Артур Муллахметов
cef95f8bc3 Issue #155. Lockout response status code changed to 403. 2016-05-12 23:19:22 +03:00