Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-03-19 07:40:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
321 commits 4 branches 163 tags 4.6 MiB
Commit graph

167 commits

Author SHA1 Message Date
Camilo Nova
7a395011a4 Removed filter by ip address 2016-06-23 17:34:57 -05:00
Artur Mullakhmetov
dfe7d84907 Fix ISO8601 time duration format. 2016-06-20 17:40:17 +03:00
Camilo Nova
a87ffa6874 Merge pull request #158 from mullakhmetov/json-response-type 
Added JSON response type.
 2016-06-07 09:12:10 -05:00
Joeri Bekker
99fd05e68c Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. 2016-06-02 13:40:31 +02:00
Artur Mullakhmetov
5627d1c285 Merge remote-tracking branch 'upstream/master' into json-response-type 
# Conflicts:
#	axes/decorators.py
 2016-05-30 16:36:39 +03:00
Artur Mullakhmetov
1c303ceec5 Add json response and iso8601 tests. 2016-05-30 16:08:34 +03:00
Artur Mullakhmetov
06a97de5d9 Edit json response. Context now contains ISO 8601 formatted cooloff time. 2016-05-30 16:05:10 +03:00
Artur Mullakhmetov
7444c4e3b3 Add iso8601 translator. 2016-05-30 15:59:48 +03:00
Camilo Nova
142f49d919 Merge pull request #161 from yograterol/patch-1 
Added app_label for RemovedInDjango19Warning
 2016-05-26 08:56:17 -05:00
Yohan Graterol
677fa3986b Added app_label for RemovedInDjango19Warning 2016-05-23 08:02:33 -05:00
Radosław Luter
dfc2a50f2c use render shortcut for rendering LOCKOUT_TEMPLATE 2016-05-20 17:44:20 +02:00
Артур Муллахметов
2643de5e59 Add humanize COOLOFF_TIME output. Additional in HttpReponse case, 
substitutive in JSON response case.
 2016-05-13 11:50:17 +03:00
Артур Муллахметов
4e8f94d7c2 Add json response on ajax request. 2016-05-13 11:15:38 +03:00
Steve Meinel
8e8bfab789 BUGFIX: Missing migration 2016-05-12 15:14:23 -07:00
Артур Муллахметов
cef95f8bc3 Issue #155. Lockout response status code changed to 403. 2016-05-12 23:19:22 +03:00
Silas Barta
70af6ea206 Set IP public/private classifier to be compliant with RFC 1918. 2016-04-27 13:48:50 -07:00
Jonas Trappenberg
d10d1cfa7f Decorate auth_views.login only once 2016-04-21 17:53:53 -07:00
Serhiy Zahoriya
d193641bad Fixing #126, possibly breaking compatibility with Django<=1.7 2016-03-11 19:43:01 +02:00
Michael van de Waeter
a4ed01c22d Made migrations py3 compatible 2016-03-08 22:41:10 +01:00
Patrick Hagemeister
d7b2a18305 Fixes whitelist check when BEHIND_REVERSE_PROXY 2016-01-29 12:44:56 +01:00
Marco Schweighauser
3637a8038d Add db indexes to CommonAccess model 2015-12-17 13:50:29 -08:00
ibaguio
78099e5571 added initial migration files to support django 1.7 &up 2015-11-16 22:02:19 +08:00
Ann Paul
74f50d8211 Iterate over ip addresses only once 2015-10-23 08:56:32 -07:00
Camilo Nova
035dca0b44 Merge pull request #131 from jdunck/fast-path-unlockable 
Immediately return from is_already_locked if the user is not lockable
 2015-10-17 16:42:42 -05:00
Jeremy Dunck
57e667ac73 Immediately return from is_already_locked if the user is not lockable 2015-10-13 14:34:11 -07:00
Joey Wilhelm
4dae514972 Removed an unnecessary six.u() call. Also excluded Py 3.4/Django 1.4 from tests 2015-10-12 13:21:28 -07:00
Joey Wilhelm
b36e5513d9 Improved performance & DoS prevention on query2str 2015-10-09 16:08:27 -07:00
Joey Wilhelm
e56906b766 Stopped using render_to_response so that other template engines work 2015-10-06 18:40:41 -07:00
afioca
796bc43646 Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True 2015-08-31 10:18:27 -04:00
Dale O'Brien
68f0d5ee86 Add username to LOCKOUT_TEMPLATE template context 
So I can use their username in the lockout template, e.g. something like this,
 2015-07-06 13:18:03 +10:00
Camilo Nova
2dfcf969d8 Revert "properly use username and IP when pulling attempts. add test and easier testing command." 2015-06-26 09:07:22 -05:00
Steve Byerly
4a926c7cc6 properly use username and IP when pulling attempts. add test. 2015-06-23 09:16:01 -07:00
Tobias Birmili
3a3b955225 Fixes sending the user_locked_out signal. 
It also adds a test for that. Fixes #94.
 2015-04-29 14:08:03 +02:00
Camilo Nova
41ad3cc806 Cleaned testing, removing global state and made some tweaks 2015-03-23 08:56:22 -05:00
Vladimir Shaykovskiy
c43cd7bb9d Fixed create_new_failure_records(), added feature to lock out by USER+IP combination only 
Removed unnecessary separating of one failure attempt on two AccessAttempt objects(according to current code it's not required).
Added optional feature to lock out account login from particular IP.
 2015-03-20 20:56:15 +03:00
Camilo Nova
cb2c014334 Improved the way we ask if a user is lockable 
Fixes #113
 2015-02-24 11:16:24 -05:00
Patrick Miller
4727fb639f added middleware to decorate views with watched_login 2014-12-23 08:17:34 -07:00
Adrian Lopez
23e0ad9635 Syntax error fixed - closes #104 2014-11-25 00:49:27 +01:00
AJ
b77daf2657 refactored password form field for it can be set from settings 
added extra logic in decorated login to handle two_factor no redirecty login

added extra logic in decorated login to handle two_factor no redirecty login part 2

added extra logic in decorated login to handle two_factor no redirecty login part 3

removed extra changes
 2014-10-01 21:06:41 -07:00
Camilo Nova
a2860d287f Merge pull request #97 from SteveByerly/master 
Allow for user-defined username field for lookup in POST data
 2014-09-17 16:12:07 -05:00
Camilo Nova
ee62450b79 Merge pull request #96 from zoten/master 
Log out only if user was logged in
 2014-09-17 16:10:34 -05:00
Camilo Nova
553922ce1a Merge pull request #78 from marianov/master 
Support for floats in cooloff time (i.e: 0.1 == 6 minutes)
 2014-09-17 15:56:32 -05:00
Camilo Nova
4d9d240552 Merge pull request #75 from peterkuma/postdatafix-pr 
Limit amount of POST data logged (#73)
 2014-09-17 15:55:48 -05:00
Steve Byerly
a11de14127 allow for user-defined username login form field 2014-09-09 14:32:14 -07:00
zoten
98d8a29a70 Log out only if user was logged in 
Not useful to trigger a logout signal if the user was not authenticated, for logging purposes
 2014-08-20 10:35:19 +02:00
Scott Adams
2165a23c49 Improve get_ip to try for real ip address 2014-08-13 11:22:29 +02:00
polvoblanco
81bebc4c32 Change IPAddressField to GenericIPAddressField 
When using a PostgreSQL database and the client does not pass an IP address you get an inet error.  This is a known problem with PostgreSQL and the IPAddressField.

https://code.djangoproject.com/ticket/5622

It can be fixed by using a GenericIPAddressField instead.
 2014-07-31 17:57:33 +01:00
Camilo Nova
a6a3e476ac Merge pull request #80 from tutumcloud/split-forwarded-for 
Get first X-Forwarded-For IP
 2014-06-24 13:30:48 -05:00
Eric Bulloch
23a8481240 White listing IP addresses behind reverse proxy. 
Allowing some IP addresses to have direct access to the app even if they
are behind a reverse proxy. Those IP addresses must still be on a white
list.
 2014-06-24 12:05:27 -06:00
fermayo
5b94c44434 Get first X-Forwarded-For IP 2014-06-24 18:01:12 +02:00