- Cool off time was overly long on a number of tests
- Cool off time on test was fetched with the wrong method
resulting in bugs on non-integer second cool off values
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Move cache and cool off utility functions to the axes.utils module
- Clean up axes.attempts duplicate code in attempt and cache calculations
- Add stable implementation for AccessAttempt attribute calculation
in the axes.attempts.get_filter_kwargs function
Fixes #398
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Use consistent alphabetical import ordering across files
- Use axes.conf.settings for internally loading settings
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
As we aim for a stable production grade package
we should strive to have the code base tested
comprehensively to root out any bugs in the
implementations that are offered.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Use mocks and test new backends, handlers and middleware
on an API call level, aiming for a 100% coverage on behaviour.
Also add tests for old decorators which are not covered
after moving the default authentication checks from them
to the authentication backends, middleware and signal handlers.
Fixes #323
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Implements a proxied API which enables overriding
a handler backend with a user supplied implementation.
Fixes #399
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Fixes #389
Remove monkey-patching from the application loader phase
and use the Django authentication stack for lockout signals.
Utilize custom AUTHENTICATION_BACKENDS and MIDDLEWARE with signals
with backwards compatible implementation of features.
Update documentation, configuration and migration instructions
to match the new configuration and improve the code commentation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
The test did not work correctly because the admin login view
does not accept JSON input, but instead produces an error on JSON POST.
It appeared to be functional and working because the
monkey-patched decorator returned an HTTP 403 when a user was accessing the view.
This did not actually result from a failed login,
but from a premature view permission checking that was not sane.
The HTTP 403 was produced by the login function decorator
before the user was ever accessing or using the actual view.
After modifying the view checking logic to run on a login attempt
instead of before the attempt (i.e. when accessing the view)
the admin view error that resulted from missing form POST data
was discovered and since no easy fix was available without
writing a custom view the broken test case was removed altogether.
The correct fix for supporting JSON payloads and mimetypes
can be implemented by writing a login view that supports
JSON login via e.g. HTTP AJAX POST and produces the same errors.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Use manage.py for running tests instead of a custom script
- Drop support for Python 3.5 for Django master for tox and Travis
- Run branch coverage tests in addition to line coverage
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>