Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-03-16 22:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
1903 commits 2 branches 163 tags 4.6 MiB
Commit graph

73 commits

Author SHA1 Message Date
Aleksi Häkli
bdd0c9546a Fix prospector errors 2026-02-11 22:14:31 +02:00
Aleksi Häkli
4b77eb69ee Run black autoformatting 2026-02-11 22:14:31 +02:00
kuldeepkhatke
392dfa0e44 Reverted , remove change from AxesDatabaseHandler.user_login_failed 2025-07-05 16:19:19 +03:00
kuldeepkhatke
ba7b72f9d9 Updated expires_at for null, blank False, lte query update, admin expiration logic simplify 2025-07-05 16:19:19 +03:00
kuldeepkhatke
01ccf5b213 Updated get_individual_attempt_expiry() func placement & renamed to get_attempt_expiration() 2025-07-05 16:19:19 +03:00
kuldeepkhatke
d8e6c939fe Modified expiration create queryset logic 2025-07-05 16:19:19 +03:00
kuldeepkhatke
df8fb35e18 Shifted epired_at filed to new model 2025-07-05 16:19:19 +03:00
kuldeepkhatke
a1e9eff875 Renamed AXES_INDIVIDUAL_ATTEMPT_EXPIRY flag to AXES_USE_ATTEMPT_EXPIRATION 2025-07-05 16:19:19 +03:00
kuldeepkhatke
0fd9ccd1d4 Added individual attempt expiry feature 2025-07-05 16:19:19 +03:00
nefrob
bd3b56237d refactor: move db accessing attempt fns to handler methods 2025-05-10 13:46:09 +03:00
nefrob
8356498a44 chore: clean attempt logic as db handler method 2025-04-29 10:10:25 +03:00
Aleksi Häkli
5e7fbca52c fix: resolve credentials for clean_expired_user_attempts 2025-04-23 17:02:37 +03:00
parul-aro
0115648a1d feat(cleanup): allow credentials in cleanup method 2025-04-23 11:54:17 +03:00
Bruno Alla
8ed0d82384 refactor: remove attempt_time parameter 
As we pass down the whole request, we no longer need to extract the axes_attempt_time anymore.

This is a potential breaking change, but the impacted functions are not part of the documented API.
 2024-10-02 20:15:31 +03:00
Bruno Alla
a304380853 feat: pass down the request in a few more places 2024-10-02 20:15:31 +03:00
Davide
014483c65d
Add session hash to access log 2024-04-30 16:22:50 +02:00
Maksim Zayakin
4861f3c988 fix: fix TransactionManagementError 2023-09-01 10:50:57 +03:00
Maksim Zayakin
73c4e4501b chore: adjust types: use list instead of iterables and nested lists instead of tuples 2023-05-13 14:04:14 +03:00
Maksim Zayakin
476d3f52bc chore: use get_lockout_parameters in handlers 2023-05-13 14:04:14 +03:00
Aleksi Häkli
621dfa6882 Fix code formatting 2022-05-16 10:41:07 +03:00
Hasan Ramezani
4da7eb9fc1 Add Optional to type of params with default value equal to None 2022-04-13 17:48:32 +03:00
Antoine Dujardin
9c2ceb7eb7 Add option to keep current behavior for cooloff reset 2022-04-08 22:17:05 +03:00
Antoine Dujardin
1015bad451 Don't reset cooloff time in case of login attempt during lockout 2022-04-08 22:17:05 +03:00
Gregory DAVID
1849552f45 Implement AccessFailureLog recordings 2022-04-08 22:16:19 +03:00
Hasan Ramezani
d674fa6296 Bump prospector from 1.3.1 to 1.5.3 2021-12-08 09:00:51 +01:00
Vasyl Dizhak
8c5c43f482 #750, fix lockout failure when providing AXES_USERNAME_CALLABLE 2021-10-11 20:59:06 +03:00
Yuta Okamoto
46bfc54a03 acquire a lock of AccessAttempt before updating 2021-09-09 17:38:30 +03:00
sarahboyce
403076ef51 feat(helpers): update get_client_str to accept request object 
Use case: include more info about the user in the client_str.
username is already included in the arguments but that would require a separate DB call.
https://github.com/jazzband/django-axes/issues/782
 2021-09-02 17:40:05 +03:00
Yuta Okamoto
945754eb15 make failures_since_start accessible to the views 2021-08-31 21:24:26 +03:00
Yuta Okamoto
004a0d750c remove failures_since_start from the log 2021-08-31 21:21:28 +03:00
Yuta Okamoto
bd18a531b6 increment failures_since_start in an atomic manner 2021-08-31 21:21:28 +03:00
Aleksi Häkli
ac86d4b213 Adjust commentation and log messages 2021-06-29 17:50:37 +03:00
Uli Klank
f079c48bb1 Restoring necessary general lookup of siilar attempts 
Linting
 2021-06-29 16:49:12 +03:00
Uli Klank
c72e8e4855 invert condition, warn earlier 2021-06-29 16:49:12 +03:00
Uli Klank
a88366f251 Prevent unnecessary save for created object 2021-06-29 16:49:12 +03:00
Uli Klank
8b5b921b71 Initiallize failures since start correctly 2021-06-29 16:49:12 +03:00
Uli Klank
93341a4d04 Handle race conditions for multiple workers 
The creation of several entries is possible due to race conditions between different worker processes, which can later break the usage of get in this situation.
This change should help to prevent this race condition using the database.
 2021-06-29 16:49:12 +03:00
Michael O'Connor
170dacc112 Integrate AXS_SENSITIVE_PARAMETERS functionality with AXES_PASSWORD_FORM_FIELD 2021-05-03 17:10:45 +03:00
Michael O'Connor
f54c4f095b Add option to cleanse sensitive GET and POST params in database handler 2021-05-03 17:10:45 +03:00
Aleksi Häkli
b6b26e492f Optimize imports as part of cleanup round 2021-01-07 18:23:33 +02:00
Hasan Ramezani
22c564743d Prevent AccessAttempt creation for None username. 2020-11-05 20:06:49 +02:00
Aleksi Häkli
b569cdb991 Deprecate settings.AXES_LOGGER configuration flag 
Fixes #634

The Django import system seems to produce errors
in certain configurations and especially when
MIGRATION_MODULES configuration is set globally.

This is most probably caused by misbehaving or cyclic
Python module imports in the Django application
instrumentatation chain that come up when the
MIGRATION_MODULES configuration is altered.

This patch migrates to the standard Python logging system
use and has less overhead and complexity for users as well.

Having a configurable logging prefix does not produce
a lot of benefits and is less flexible than having
all individual module logging configurations accessible
through the module __name__ parameter in Axes.

For example axes.handlers.* or axes.backends.*
are separately configurable in the new scheme
whereas they would have been both bundled under
the AXES_LOGGER log configuration.
 2020-09-26 21:44:56 +03:00
Petr Dlouhý
128d01158c add LOCK_OUT_BY_USER_OR_IP option 
store all AccessAttempt records
 2020-08-21 17:17:57 +03:00
Jorge Galvis
45109341be Make code Black's compliant. 2020-07-28 20:21:34 +03:00
Jorge Galvis
f772817bc8 Add some docstrings for guidance about creating new handlers. 2020-07-28 20:21:34 +03:00
Jorge Galvis
c786c53e9b Make all handlers to use the AxesBaseHandler mixin. 2020-07-28 20:21:34 +03:00
Jorge Galvis
87d8a974a3 Move signal's callbacks to AxesDatabaseHandler as they only make sense for a DB backend. 2020-07-28 20:21:34 +03:00
Jorge Galvis
9bb04a01b8 Only AxesHandler needs to follow a contract 2020-07-28 20:21:34 +03:00
Jorge Galvis
d6c3663025 Make AxesDatabaseHandler class to be a concrete class of AxesHandler 2020-07-28 20:21:34 +03:00
Aleksi Häkli
344a97c694
Fix code formatting for linter 2020-03-23 13:58:12 +02:00