Commit graph

109 commits

Author SHA1 Message Date
Camilo Nova
a5624646fb Merge pull request #188 from Dmitri-Sintsov/master
Removed ipaddress module dependency.
2016-08-22 10:55:45 -05:00
Dmitriy Sintsov
3cf1d03774 Use socket.inet_pton() to detect workaround for axes_accesslog.ip_address 'inet' field type insert error when running behind IIS as reverse proxy which adds port number to client address in X_FORWARDED_FOR HTTP header. 2016-08-22 11:53:05 +03:00
Dmitriy Sintsov
d772717314 Use backport of ipaddress module for Python 2.x: https://github.com/phihag/ipaddress 2016-08-20 14:02:28 +03:00
Dmitriy Sintsov
50b9d97281 Detect IPv6 addresses in decorators.get_ip() when running behind reverse proxy. 2016-08-20 11:44:20 +03:00
Camilo Nova
b9d5fae32a Fix for IIS used as reverse proxy. Closes #184 2016-08-18 10:55:27 -05:00
Dmitriy Sintsov
4d8caa3e03 Fix for IIS used as reverse proxy adding port number to 'HTTP_X_FORWARDED_FOR' header causing axes_accesslog.ip_address table insertion error. 2016-08-17 16:22:57 +03:00
Sven Hertle
65ed32f866 Unsuccessful logins are logged even if access log is disabled 2016-08-11 12:45:53 +02:00
Sven Hertle
6b1c5787dc fixed tests 2016-08-10 17:18:57 +02:00
Sven Hertle
2b86159a40 Added possibility to disable access log 2016-08-10 16:35:02 +02:00
Camilo Nova
0239e173e0 🔥 Clean weird logic when processing proxy ips 2016-07-20 11:38:37 -05:00
Camilo Nova
08f40bc13b 🔥 Cleaning 2016-06-24 09:42:18 -05:00
Camilo Nova
19f4e709e8 🔥 Do some cleaning 2016-06-24 08:41:24 -05:00
Camilo Nova
a87ffa6874 Merge pull request #158 from mullakhmetov/json-response-type
Added JSON response type.
2016-06-07 09:12:10 -05:00
Joeri Bekker
99fd05e68c Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. 2016-06-02 13:40:31 +02:00
Artur Mullakhmetov
5627d1c285 Merge remote-tracking branch 'upstream/master' into json-response-type
# Conflicts:
#	axes/decorators.py
2016-05-30 16:36:39 +03:00
Artur Mullakhmetov
06a97de5d9 Edit json response. Context now contains ISO 8601 formatted cooloff time. 2016-05-30 16:05:10 +03:00
Radosław Luter
dfc2a50f2c use render shortcut for rendering LOCKOUT_TEMPLATE 2016-05-20 17:44:20 +02:00
Артур Муллахметов
2643de5e59 Add humanize COOLOFF_TIME output. Additional in HttpResponse case,
substitutive in JSON response case.
2016-05-13 11:50:17 +03:00
Артур Муллахметов
4e8f94d7c2 Add json response on ajax request. 2016-05-13 11:15:38 +03:00
Артур Муллахметов
cef95f8bc3 Issue #155. Lockout response status code changed to 403. 2016-05-12 23:19:22 +03:00
Артур Муллахметов
6b932b856c Issue #155. Lockout response status code changed to 403. 2016-05-12 23:01:18 +03:00
Silas Barta
70af6ea206 Set IP public/private classifier to be compliant with RFC 1918. 2016-04-27 13:48:50 -07:00
Jonas Trappenberg
d10d1cfa7f Decorate auth_views.login only once 2016-04-21 17:53:53 -07:00
Patrick Hagemeister
d7b2a18305 Fixes whitelist check when BEHIND_REVERSE_PROXY 2016-01-29 12:44:56 +01:00
Ann Paul
74f50d8211 Iterate over ip addresses only once 2015-10-23 08:56:32 -07:00
Camilo Nova
035dca0b44 Merge pull request #131 from jdunck/fast-path-unlockable
Immediately return from is_already_locked if the user is not lockable
2015-10-17 16:42:42 -05:00
Jeremy Dunck
57e667ac73 Immediately return from is_already_locked if the user is not lockable 2015-10-13 14:34:11 -07:00
Joey Wilhelm
4dae514972 Removed an unnecessary six.u() call. Also excluded Py 3.4/Django 1.4 from tests 2015-10-12 13:21:28 -07:00
Joey Wilhelm
b36e5513d9 Improved performance & DoS prevention on query2str 2015-10-09 16:08:27 -07:00
Joey Wilhelm
e56906b766 Stopped using render_to_response so that other template engines work 2015-10-06 18:40:41 -07:00
afioca
796bc43646 Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True 2015-08-31 10:18:27 -04:00
Dale O'Brien
68f0d5ee86 Add username to LOCKOUT_TEMPLATE template context
So I can use their username in the lockout template, e.g. something like this,
2015-07-06 13:18:03 +10:00
Camilo Nova
2dfcf969d8 Revert "properly use username and IP when pulling attempts. add test and easier testing command." 2015-06-26 09:07:22 -05:00
Steve Byerly
4a926c7cc6 properly use username and IP when pulling attempts. add test. 2015-06-23 09:16:01 -07:00
Tobias Birmili
3a3b955225 Fixes sending the user_locked_out signal.
It also adds a test for that. Fixes #94.
2015-04-29 14:08:03 +02:00
Vladimir Shaykovskiy
c43cd7bb9d Fixed create_new_failure_records(), added feature to lock out by USER+IP combination only
Removed unnecessary separating of one failure attempt on two AccessAttempt objects(according to current code it's not required).
Added optional feature to lock out account login from particular IP.
2015-03-20 20:56:15 +03:00
Camilo Nova
cb2c014334 Improved the way we ask if a user is lockable
Fixes #113
2015-02-24 11:16:24 -05:00
AJ
b77daf2657 refactored password form field for it can be set from settings
added extra logic in decorated login to handle two_factor no redirecty login

added extra logic in decorated login to handle two_factor no redirecty login part 2

added extra logic in decorated login to handle two_factor no redirecty login part 3

removed extra changes
2014-10-01 21:06:41 -07:00
Camilo Nova
a2860d287f Merge pull request #97 from SteveByerly/master
Allow for user-defined username field for lookup in POST data
2014-09-17 16:12:07 -05:00
Camilo Nova
ee62450b79 Merge pull request #96 from zoten/master
Log out only if user was logged in
2014-09-17 16:10:34 -05:00
Camilo Nova
553922ce1a Merge pull request #78 from marianov/master
Support for floats in cooloff time (i.e: 0.1 == 6 minutes)
2014-09-17 15:56:32 -05:00
Camilo Nova
4d9d240552 Merge pull request #75 from peterkuma/postdatafix-pr
Limit amount of POST data logged (#73)
2014-09-17 15:55:48 -05:00
Steve Byerly
a11de14127 allow for user-defined username login form field 2014-09-09 14:32:14 -07:00
zoten
98d8a29a70 Log out only if user was logged in
Not useful to trigger a logout signal if the user was not authenticated, for logging purposes
2014-08-20 10:35:19 +02:00
Scott Adams
2165a23c49 Improve get_ip to try for real ip address 2014-08-13 11:22:29 +02:00
Camilo Nova
a6a3e476ac Merge pull request #80 from tutumcloud/split-forwarded-for
Get first X-Forwarded-For IP
2014-06-24 13:30:48 -05:00
Eric Bulloch
23a8481240 White listing IP addresses behind reverse proxy.
Allowing some IP addresses to have direct access to the app even if they
are behind a reverse proxy. Those IP addresses must still be on a white
list.
2014-06-24 12:05:27 -06:00
fermayo
5b94c44434 Get first X-Forwarded-For IP 2014-06-24 18:01:12 +02:00
Mariano Vassallo
a8cd749bd2 Support for floats in cooloff time (i.e: 0.1 == 6 minutes) 2014-05-28 16:22:06 -03:00
Enrico Tröger
7f57a86408 Reduce logging of reverse proxy IP lookup and use configured logger
Instead of logging the notice that django.axes looks for a HTTP header
set by a reverse proxy on each attempt, just log it one-time on first
module import.
Also use the configured logger (by default axes.watch_login) for the
message to be more consistent in logging.
2014-05-24 13:48:39 +02:00