Commit graph

97 commits

Author SHA1 Message Date
Camilo Nova
a87ffa6874 Merge pull request #158 from mullakhmetov/json-response-type
Added JSON response type.
2016-06-07 09:12:10 -05:00
Joeri Bekker
99fd05e68c Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. 2016-06-02 13:40:31 +02:00
Artur Mullakhmetov
5627d1c285 Merge remote-tracking branch 'upstream/master' into json-response-type
# Conflicts:
#	axes/decorators.py
2016-05-30 16:36:39 +03:00
Artur Mullakhmetov
06a97de5d9 Edit json response. Context now contains ISO 8601 formatted cooloff time. 2016-05-30 16:05:10 +03:00
Radosław Luter
dfc2a50f2c use render shortcut for rendering LOCKOUT_TEMPLATE 2016-05-20 17:44:20 +02:00
Артур Муллахметов
2643de5e59 Add humanize COOLOFF_TIME output. Additional in HttpResponse case,
substitutive in JSON response case.
2016-05-13 11:50:17 +03:00
Артур Муллахметов
4e8f94d7c2 Add json response on ajax request. 2016-05-13 11:15:38 +03:00
Артур Муллахметов
cef95f8bc3 Issue #155. Lockout response status code changed to 403. 2016-05-12 23:19:22 +03:00
Артур Муллахметов
6b932b856c Issue #155. Lockout response status code changed to 403. 2016-05-12 23:01:18 +03:00
Silas Barta
70af6ea206 Set IP public/private classifier to be compliant with RFC 1918. 2016-04-27 13:48:50 -07:00
Jonas Trappenberg
d10d1cfa7f Decorate auth_views.login only once 2016-04-21 17:53:53 -07:00
Patrick Hagemeister
d7b2a18305 Fixes whitelist check when BEHIND_REVERSE_PROXY 2016-01-29 12:44:56 +01:00
Ann Paul
74f50d8211 Iterate over ip addresses only once 2015-10-23 08:56:32 -07:00
Camilo Nova
035dca0b44 Merge pull request #131 from jdunck/fast-path-unlockable
Immediately return from is_already_locked if the user is not lockable
2015-10-17 16:42:42 -05:00
Jeremy Dunck
57e667ac73 Immediately return from is_already_locked if the user is not lockable 2015-10-13 14:34:11 -07:00
Joey Wilhelm
4dae514972 Removed an unnecessary six.u() call. Also excluded Py 3.4/Django 1.4 from tests 2015-10-12 13:21:28 -07:00
Joey Wilhelm
b36e5513d9 Improved performance & DoS prevention on query2str 2015-10-09 16:08:27 -07:00
Joey Wilhelm
e56906b766 Stopped using render_to_response so that other template engines work 2015-10-06 18:40:41 -07:00
afioca
796bc43646 Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True 2015-08-31 10:18:27 -04:00
Dale O'Brien
68f0d5ee86 Add username to LOCKOUT_TEMPLATE template context
So I can use their username in the lockout template, e.g. something like this,
2015-07-06 13:18:03 +10:00
Camilo Nova
2dfcf969d8 Revert "properly use username and IP when pulling attempts. add test and easier testing command." 2015-06-26 09:07:22 -05:00
Steve Byerly
4a926c7cc6 properly use username and IP when pulling attempts. add test. 2015-06-23 09:16:01 -07:00
Tobias Birmili
3a3b955225 Fixes sending the user_locked_out signal.
It also adds a test for that. Fixes #94.
2015-04-29 14:08:03 +02:00
Vladimir Shaykovskiy
c43cd7bb9d Fixed create_new_failure_records(), added feature to lock out by USER+IP combination only
Removed unnecessary separating of one failure attempt on two AccessAttempt objects(according to current code it's not required).
Added optional feature to lock out account login from particular IP.
2015-03-20 20:56:15 +03:00
Camilo Nova
cb2c014334 Improved the way we ask if a user is lockable
Fixes #113
2015-02-24 11:16:24 -05:00
AJ
b77daf2657 refactored password form field for it can be set from settings
added extra logic in decorated login to handle two_factor no redirecty login

added extra logic in decorated login to handle two_factor no redirecty login part 2

added extra logic in decorated login to handle two_factor no redirecty login part 3

removed extra changes
2014-10-01 21:06:41 -07:00
Camilo Nova
a2860d287f Merge pull request #97 from SteveByerly/master
Allow for user-defined username field for lookup in POST data
2014-09-17 16:12:07 -05:00
Camilo Nova
ee62450b79 Merge pull request #96 from zoten/master
Log out only if user was logged in
2014-09-17 16:10:34 -05:00
Camilo Nova
553922ce1a Merge pull request #78 from marianov/master
Support for floats in cooloff time (i.e: 0.1 == 6 minutes)
2014-09-17 15:56:32 -05:00
Camilo Nova
4d9d240552 Merge pull request #75 from peterkuma/postdatafix-pr
Limit amount of POST data logged (#73)
2014-09-17 15:55:48 -05:00
Steve Byerly
a11de14127 allow for user-defined username login form field 2014-09-09 14:32:14 -07:00
zoten
98d8a29a70 Log out only if user was logged in
Not useful to trigger a logout signal if the user was not authenticated, for logging purposes
2014-08-20 10:35:19 +02:00
Scott Adams
2165a23c49 Improve get_ip to try for real ip address 2014-08-13 11:22:29 +02:00
Camilo Nova
a6a3e476ac Merge pull request #80 from tutumcloud/split-forwarded-for
Get first X-Forwarded-For IP
2014-06-24 13:30:48 -05:00
Eric Bulloch
23a8481240 White listing IP addresses behind reverse proxy.
Allowing some IP addresses to have direct access to the app even if they
are behind a reverse proxy. Those IP addresses must still be on a white
list.
2014-06-24 12:05:27 -06:00
fermayo
5b94c44434 Get first X-Forwarded-For IP 2014-06-24 18:01:12 +02:00
Mariano Vassallo
a8cd749bd2 Support for floats in cooloff time (i.e: 0.1 == 6 minutes) 2014-05-28 16:22:06 -03:00
Enrico Tröger
7f57a86408 Reduce logging of reverse proxy IP lookup and use configured logger
Instead of logging the notice that django.axes looks for a HTTP header
set by a reverse proxy on each attempt, just log it one-time on first
module import.
Also use the configured logger (by default axes.watch_login) for the
message to be more consistent in logging.
2014-05-24 13:48:39 +02:00
Peter Kuma
b6c3eeeaed Limit amount of POST data logged (#73)
Limiting the length of value is not enough, as there could be arbitrary
number of them, or very long key names.
2014-05-22 10:07:24 +02:00
Camilo Nova
4daba3daa3 Limit the length of the values logged into the database. Refs #73 2014-05-10 12:38:04 -05:00
Andrew Crosio
298ba366b8 fixing tests for django 1.7 2014-04-25 14:55:58 +04:00
Andrew Crosio
cdb1866cbb fix for django 1.7 exception not existing 2014-04-25 14:55:46 +04:00
Amr Hassan
f6f494cc11 Replaced six imports with django.utils.six ones 2014-03-05 11:43:05 +02:00
Amr Hassan
c90ee0562a Replaced u string literal prefixes with six.u() calls to make it compatible with Python 3.2 2014-03-02 12:20:21 +02:00
Camilo Nova
50408ba3aa Added AttributeError in case get_profile doesn't exist 2013-11-07 15:30:22 -05:00
Alexander Schrijver
60273bab90 Reload the queryset after certain objects have been deleted. 2013-08-14 11:23:47 +02:00
Alexander Schrijver
18191897d3 When the cooloff period has expired if the user is trusted: reset the
failure counter otherwise obliterate the user.
2013-08-14 11:22:39 +02:00
Camilo Nova
ef3f75e9df Removed fallback logging creation since logging comes by default on django 1.4 or later, if you don't have it is because you explicitly wanted. Fixes #45 2013-04-29 12:27:41 -05:00
Camilo Nova
b557160c00 Better User model import method 2013-04-27 16:07:32 -05:00
Camilo Nova
2e29240381 Fixed an issue when a user on django 1.4 logout 2013-04-20 18:39:59 -05:00