Most of our users are already running on Python 3.6+
and dropping 3.5 and below in a future oriented release
allows us to focus on implementing more readable codebases.
Fixes#417
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
In order to offer backwards compatible import path for the
axes.utils.reset function it has to have a separate
implementation that can be imported independently from
the axes.helpers functions that are used by the
AxesBaseHandler implementation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
A handler is always loaded if Axes is active,
and the dummy handler is intended for use when
the user wishes to use either the middleware
or authentication backends but does not want
Axes to handle or emit signals from
authentication events.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Define a base handler API with method signatures
- Move proxy handler to a separate path for importability
- Implement a database handler with clean external dependencies
- Change the authentication backend and decorators to use the authentication backend
This enables clean pluggable authentication backend definitions that users
can override and specialize with e.g. cached handlers in their own packages.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Clean up internal implementations and tests while keeping the
APIs as similar as possible where feasible.
The goal of this change is to not change any documented
or stable APIs that might be in use by users, but to improve
the internal implementations for maintainability and usability.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Cool off time was overly long on a number of test
- Cool off time on test was fetched with the wrong method
resulting in bugs on non-integer second cool off values
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Move cache and cool off utility functions to the axes.utils module
- Clean up axes.attempts duplicate code in attempt and cache calculations
- Add stable implementation for AccessAttempt attribute calculation
in the axes.attempts.get_filter_kwargs function
Fixes#398
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
- Use consistent alphabetical import ordering across files
- Use axes.conf.settings for internally loading settings
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
Use mocks and test new backends, handlers and middleware
on an API call level, aiming for a 100% coverage on behaviour.
Also add tests for old decorators which are not covered
after moving the default authentication checks from them
to the authentication backends, middleware and signal handlers.
Fixes#323
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
The test did not work correctly because the admin login view
does not accept JSON input, but instead produces an error on JSON POST.
It appeared to be functional and working because the
monkey-patched decorator returned a HTTP 403 when a user was accessing the view.
This did not actually result from a failed login,
but from a premature view permission checking that was not sane.
The HTTP 403 was produced by the login function decorator
before the user was ever accessing or using the actual view.
After modifying the view checking logic to run on a login attempt
instead of before attempt (ie when accessing the view)
the admin view error that resulted from missing form POST data
was discovered and since no easy fix was available without
writing a custom view the broken test case was removed altogether.
The correct fix for supporting JSON payloads and mimetypes
can be implemented by writing a login view that supports
JSON login via eg HTTP AJAX POST and produces the same errors.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
