The [usage documentation](https://django-axes.readthedocs.io/en/latest/3_usage.html) advises creating a subclass of `AxesBackend` to ignore the lack of `request` if necessary. I've done this in a project using `django-oauth-toolkit`, which doesn't pass `request` (though it should as per [this PR](https://github.com/jazzband/django-oauth-toolkit/pull/643)).
This meant that the axes.W003 check was being triggered, so I've fixed it to check for subclasses of `AxesBackend` as well as the class itself.
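The check change described in the message above, as an added example that is not django-axes code. The classes are stand-ins for the real backends, the module name `constructed_backends` and the subclass `RequestOptionalBackend` are hypothetical, and the exact-match form of the pre-fix check is an assumption made for contrast.

```python
import importlib
import sys
import types


class AxesBackend:
    """Stand-in for axes.backends.AxesBackend (constructed for this example)."""


class RequestOptionalBackend(AxesBackend):
    """Hypothetical project subclass that tolerates a missing request."""


class ModelBackend:
    """Stand-in for an unrelated authentication backend."""


# Constructed module so the dotted paths below can be imported offline.
_mod = types.ModuleType("constructed_backends")
for _cls in (AxesBackend, RequestOptionalBackend, ModelBackend):
    setattr(_mod, _cls.__name__, _cls)
sys.modules[_mod.__name__] = _mod

AXES_PATH = "constructed_backends.AxesBackend"


def resolve(dotted_path):
    """Import a class from a dotted path, similar to Django's import_string."""
    module_name, _, attr = dotted_path.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


def exact_match_check(backends):
    """Assumed pre-fix behaviour: only the literal class path counts."""
    return [] if AXES_PATH in backends else ["axes.W003"]


def subclass_check(backends):
    """Post-fix behaviour: AxesBackend or any subclass of it counts."""
    for path in backends:
        backend = resolve(path)
        if isinstance(backend, type) and issubclass(backend, AxesBackend):
            return []
    return ["axes.W003"]
```

With a backend list that names only the subclass, the exact-match form still reports `axes.W003` even though lockout enforcement is configured, while the subclass form stays silent and still warns when no Axes backend is present at all.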
The old architecture used exceptions in the signal handler
which prevented transactions from running smoothly
and signal handlers from running after Axes handlers.
The new architecture changes the request approach to request flagging
and moves the exception handling into the middleware call method.
This allows users to more flexibly run their own signal handlers
and optionally use the Axes middleware if they want to do so.
Fixes #440
Fixes #442
Changes introduced in version 5.0 release broke compatibility
with some external Django applications and plugins,
which use login and logout methods internally.
AXES_ENABLED = False can be used to toggle
the plugin off in tests which use the built-in
Django test client login, force_login and logout
methods which do not supply a request views.
Fixes #433
Most of our users are already running on Python 3.6+
and dropping 3.5 and below in a future oriented release
allows us to focus on implementing more readable codebases.
Fixes #417
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
In order to offer a backwards compatible import path for the
axes.utils.reset function it has to have a separate
implementation that can be imported independently from
the axes.helpers functions that are used by the
AxesBaseHandler implementation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
A handler is always loaded if Axes is active,
and the dummy handler is intended for use when
the user wishes to use either the middleware
or authentication backends but does not want
Axes to handle or emit signals from
authentication events.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Define a base handler API with method signatures
- Move proxy handler to a separate path for importability
- Implement a database handler with clean external dependencies
- Change the authentication backend and decorators to use the authentication backend
This enables clean pluggable authentication backend definitions that users
can override and specialize with e.g. cached handlers in their own packages.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Clean up internal implementations and tests while keeping the
APIs as similar as possible where feasible.
The goal of this change is to not change any documented
or stable APIs that might be in use by users, but to improve
the internal implementations for maintainability and usability.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Cool off time was overly long on a number of tests
- Cool off time on test was fetched with the wrong method
resulting in bugs on non-integer second cool off values
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>