Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-13 01:53:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
428 commits 9 branches 163 tags 4.7 MiB
Commit graph

129 commits

Author SHA1 Message Date
Jack Sullivan
ebf9ca89ee Added user agent and verbose logging. 2017-04-25 14:47:33 -07:00
Jack Sullivan
765fddb64a Log successful auth if configured 
When AXES_DISABLE_SUCCESS_ACCESS_LOG=False, write a log that
successful authentication has happened, along with client info.
 2017-04-25 13:49:43 -07:00
Jack Sullivan
4d4b1d233f Factored out logging into functions 2017-04-25 12:50:24 -07:00
Jack Sullivan
55e83bd629 Log messages based on config settings 2017-04-25 12:49:53 -07:00
Aleksi Häkli
4dfaa13c9a Add AXES: prefix to all log values for consistency 2017-04-06 19:52:17 +03:00
Aleksi Häkli
64924be83c Fixed #221 -- Add AXES_NUM_PROXIES setting 
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
 2017-04-06 19:50:54 +03:00
James Rutherford
a2efeeb018 Log failed access attempts regardless of settings 
Fixes #212
 2017-01-12 15:59:46 +00:00
Jorge Galvis
2357a4616b Make it Python3 compatible 2016-12-06 18:08:13 -05:00
Jorge Galvis
19affea1ba Merge branch 'master' into cache-attemps 2016-12-06 17:51:19 -05:00
Camilo Nova
8fde5cf658 Merge pull request #207 from schinckel/only-check-on-post 
Only look for lockable users on a POST.
 2016-11-24 08:49:10 -05:00
Aleksi Häkli
41877cdecd Fix and add tests for IPv4 and IPv6 parsing 
This patch does not fix IPv6 parsing with ports
 2016-11-21 21:33:55 +02:00
Matthew Schinckel
68c7128885 Playing around with different is_user_lockable ideas. 2016-11-17 16:46:30 +10:30
Matthew Schinckel
c94e381bb7 Only look for lockable users on a POST. 
Resolves #205.
 2016-11-17 16:23:42 +10:30
Sam Kuehn
a32f030c6a fix exception too broad 2016-11-04 15:27:19 -06:00
Sam Kuehn
7e6ac85d4e fix #201 error: illegal IP address string passed to inet_pton 2016-11-04 14:59:42 -06:00
Yi Ming Yung
b49e685603 Added settings for disabling success accesslogs and added complete disabling of accesslogs 2016-11-04 14:09:48 +01:00
Jorge Galvis
14950ee83a WP: Cache failures in cache 2016-11-02 00:25:32 -05:00
Camilo Nova
790f451092 Merge pull request #193 from slurms/master 
Fix #192 -- AXES_DISABLE_ACCESS_LOG doesn't work.
 2016-09-23 11:56:34 -05:00
Nick Sandford
99807d0a1b Fix #192 -- AXES_DISABLE_ACCESS_LOG doesn't work. 2016-09-23 14:58:29 +01:00
lip77us
cad837aac9 Added AXES_ONLY_USER_FAILURES to support only looking at the user ID and not the IP address. I needed to add this for offices that use the same IP. One user was locking the whole office out of my application. Tests updated as well. 2016-09-22 12:35:51 -07:00
Camilo Nova
a5624646fb Merge pull request #188 from Dmitri-Sintsov/master 
Removed ipaddress module dependency.
 2016-08-22 10:55:45 -05:00
Dmitriy Sintsov
3cf1d03774 Use socket.inet_pton() to detect workaround for axes_accesslog.ip_address 'inet' field type insert error when running behind IIS as reverse proxy which adds port number to client address in X_FORWARDED_FOR HTTP header. 2016-08-22 11:53:05 +03:00
Dmitriy Sintsov
d772717314 Use backport of ipaddress module for Python 2.x: https://github.com/phihag/ipaddress 2016-08-20 14:02:28 +03:00
Dmitriy Sintsov
50b9d97281 Detect IPv6 addresses in decorators.get_ip() when running behind reverse proxy. 2016-08-20 11:44:20 +03:00
Camilo Nova
b9d5fae32a Fix for IIS used as reverse proxy. Closes #184 2016-08-18 10:55:27 -05:00
Dmitriy Sintsov
4d8caa3e03 Fix for IIS used as reverse proxy adding port number to 'HTTP_X_FORWARDED_FOR' header causing axes_accesslog.ip_address table insertion error. 2016-08-17 16:22:57 +03:00
Sven Hertle
65ed32f866 Unsuccessful logins are logged even if access log is disabled 2016-08-11 12:45:53 +02:00
Sven Hertle
6b1c5787dc fixed tests 2016-08-10 17:18:57 +02:00
Sven Hertle
2b86159a40 Added possibility to disable access log 2016-08-10 16:35:02 +02:00
Camilo Nova
0239e173e0 🔥 Clean weird logic when processing proxy ips 2016-07-20 11:38:37 -05:00
Camilo Nova
08f40bc13b 🔥 Cleaning 2016-06-24 09:42:18 -05:00
Camilo Nova
19f4e709e8 🔥 Do some cleaning 2016-06-24 08:41:24 -05:00
Camilo Nova
a87ffa6874 Merge pull request #158 from mullakhmetov/json-response-type 
Added JSON response type.
 2016-06-07 09:12:10 -05:00
Joeri Bekker
99fd05e68c Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. 2016-06-02 13:40:31 +02:00
Artur Mullakhmetov
5627d1c285 Merge remote-tracking branch 'upstream/master' into json-response-type 
# Conflicts:
#	axes/decorators.py
 2016-05-30 16:36:39 +03:00
Artur Mullakhmetov
06a97de5d9 Edit json response. Context now contains ISO 8601 formatted cooloff time. 2016-05-30 16:05:10 +03:00
Radosław Luter
dfc2a50f2c use render shortcut for rendering LOCKOUT_TEMPLATE 2016-05-20 17:44:20 +02:00
Артур Муллахметов
2643de5e59 Add humanize COOLOFF_TIME output. Additional in HttpReponse case, 
substitutive in JSON response case.
 2016-05-13 11:50:17 +03:00
Артур Муллахметов
4e8f94d7c2 Add json response on ajax request. 2016-05-13 11:15:38 +03:00
Артур Муллахметов
cef95f8bc3 Issue #155. Lockout response status code changed to 403. 2016-05-12 23:19:22 +03:00
Артур Муллахметов
6b932b856c Issue #155. Lockout response status code changed to 403. 2016-05-12 23:01:18 +03:00
Silas Barta
70af6ea206 Set IP public/private classifier to be compliant with RFC 1918. 2016-04-27 13:48:50 -07:00
Jonas Trappenberg
d10d1cfa7f Decorate auth_views.login only once 2016-04-21 17:53:53 -07:00
Patrick Hagemeister
d7b2a18305 Fixes whitelist check when BEHIND_REVERSE_PROXY 2016-01-29 12:44:56 +01:00
Ann Paul
74f50d8211 Iterate over ip addresses only once 2015-10-23 08:56:32 -07:00
Camilo Nova
035dca0b44 Merge pull request #131 from jdunck/fast-path-unlockable 
Immediately return from is_already_locked if the user is not lockable
 2015-10-17 16:42:42 -05:00
Jeremy Dunck
57e667ac73 Immediately return from is_already_locked if the user is not lockable 2015-10-13 14:34:11 -07:00
Joey Wilhelm
4dae514972 Removed an unnecessary six.u() call. Also excluded Py 3.4/Django 1.4 from tests 2015-10-12 13:21:28 -07:00
Joey Wilhelm
b36e5513d9 Improved performance & DoS prevention on query2str 2015-10-09 16:08:27 -07:00
Joey Wilhelm
e56906b766 Stopped using render_to_response so that other template engines work 2015-10-06 18:40:41 -07:00