Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-09 08:04:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1612 commits 8 branches 163 tags 4.7 MiB
Commit graph

649 commits

Author SHA1 Message Date
Ronny Vedrilla
e9db2d9631 #1093: "AXES_SENSITIVE_PARAMETERS" now have sensible defaults to follow "privacy-by-design" 2023-07-30 18:59:48 +03:00
Maksim Zayakin
9a54187a65 chore: update docstrings about settings.AXES_COOLOFF_TIME 2023-07-25 19:57:20 +03:00
Kira
370fadad36 add indonesian translation 2023-07-01 00:05:22 +03:00
Pieter Goetschalckx
74f7670b63 Remove unused methods from AxesStandaloneBackend 2023-06-22 11:44:53 +03:00
Davide
deb0e330ad Add username to admin fieldsets #1073 2023-06-18 14:15:53 +03:00
Ian Fisher
5b235b50ed Add check for callable settings 2023-06-13 19:15:07 +03:00
Maksim Zayakin
117db49091 feat: add is_admin_request, deprecate is_admin_site 2023-05-14 23:01:58 +03:00
Maksim Zayakin
3cba78a599 refactor: fix qa errors 2023-05-13 14:04:14 +03:00
Maksim Zayakin
0823584b02 refactor: fix prospector errors 2023-05-13 14:04:14 +03:00
Maksim Zayakin
73c4e4501b chore: adjust types: use list instead of iterables and nested lists instead of tuples 2023-05-13 14:04:14 +03:00
Maksim Zayakin
8d4a0aa052 chore!: pass request and credentials to get_client_parameters 2023-05-13 14:04:14 +03:00
Maksim Zayakin
1e3d41228d feat!: implement reset_request using get_lockout_parameters 2023-05-13 14:04:14 +03:00
Maksim Zayakin
476d3f52bc chore: use get_lockout_parameters in handlers 2023-05-13 14:04:14 +03:00
Maksim Zayakin
07539ff3d7 chore!: use AXES_LOCKOUT_PARAMETERS in app init log message 2023-05-13 14:04:14 +03:00
Maksim Zayakin
2df1c1948a refactor: refactor get_client_parameters 
* Now accepts request_or_attempt and credentials which are passed to get_lockout_parameters
* Use lockout parameters that consumed from get_lockout_parameters
 2023-05-13 14:04:14 +03:00
Maksim Zayakin
59a57386c1 feat: add get_lockout_parameters 
Accepts request or AccessAttempt and optionally credentials. If AXES_LOCKOUT_PARAMETERS is callable, this function passes request or attempt and credentials to this callable and returns the result.
If AXES_LOCKOUT_PARAMETERS is iterable, returns AXES_LOCKOUT_PARAMETERS.
Otherwise raises TypeError.
 2023-05-13 14:04:14 +03:00
Maksim Zayakin
97022a460d chore!: deprecate params related to lockout parameters resolution 2023-05-13 14:04:14 +03:00
Maksim Zayakin
ffc161e814 feat!: add AXES_LOCKOUT_PARAMETERS flag 
BREAKING CHANGE: add `AXES_LOCKOUT_PARAMETERS` flag which accepts an iterable of keys or a callable that resolves an iterable.
The key can be a string (represents a single parameter) or an Iterable of strings (represents a combined parameter).
For example, using this parameters
```python
AXES_LOCKOUT_PARAMETERS = [
    "ip_address",
    ("username", "user_agent"),
]
```
axes will block users by IP and/or combination of username and user agent
 2023-05-13 14:04:14 +03:00
Maksim Zayakin
9dfea8bf8e chore: fix inaccuracies in russian locale 2023-05-13 13:53:57 +03:00
Aleksi Häkli
8386f30dbb Fix type annotations for cache utilities 2023-05-01 21:27:47 +03:00
Aleksi Häkli
c3cfb5150a Refactor cache backend to use cache.incr method for request tracking 
The old cache.set method has problems with correctness as well as
performance on higher traffic sites where there are
multiple parallel web servers running at the same time
which can overwrite each others shared cache
 2023-05-01 21:27:47 +03:00
Aleksi Häkli
9924077a2a Rename get_cache_key to get_cache_keys 2023-05-01 21:27:47 +03:00
Aleksi Häkli
31249a5947 Update django-ipware configuration flags to new AXES_IPWARE_ prefixes 
Use explicit new AXES_IPWARE_ referencing configuration flag names
in place of the old plain implicit AXES_ name prefixes
 2023-04-28 14:16:44 +03:00
Aleksi Häkli
cd950ddfef Make ipware an optional dependency 
Relates to #1038
 2023-04-28 14:16:44 +03:00
Maksim Zayakin
8294fdf756 feat!: set default response code to 429 2023-04-25 19:42:37 +03:00
ArtemDemidovAramMeem
0e76956a2e Override log handler when using sensitive parameters. Closes #1010 2023-04-16 19:51:10 +03:00
Maksim Zayakin
c8bfbe603a use AXES_CLIENT_IP_CALLABLE in get_client_ip_address 2023-03-29 16:35:06 +03:00
Maksim Zayakin
7ae0af2a1e add AXES_CLIENT_IP_CALLABLE setting 2023-03-29 16:35:06 +03:00
Hasan Ramezani
274c4f7010 Fix black formatting in migrations 2023-03-01 10:36:29 +02:00
Hasan Ramezani
c8f831bb62 Update prospector to 1.8.2 2022-12-03 14:12:51 +02:00
Petr Dlouhý
ce3f2f2c3f fix get_client_parameters when AXES_USE_USER_AGENT=True 2022-11-24 21:58:57 +02:00
Hasan Ramezani
2b24167dec Fix black formatting 2022-11-19 10:51:42 +02:00
liampauling
1825f9be4f add missing db alias to migration 0007 
closes #932
 2022-11-14 18:27:51 +02:00
JensDiemer
ca42b0f7dc Bugfix #921 cannot import name 'get_distribution' 
Replace `pkg_resources` with `importlib` solution to fix
https://github.com/jazzband/django-axes/issues/921

Because `importlib.metadata` is new in Python 3.8, fallback to old `setuptools` solution.
 2022-11-14 18:25:06 +02:00
Hasan Ramezani
5c7bea2a42 Update mypy to 0.990 2022-11-14 18:22:04 +02:00
Simon Kern
5590419f81 Use new backend base class in checks 
In 5c4bca6cb6 a new backend  base class was introduced. However the check and its corresponding tests still reference the old base class, thus triggering a warning on setups using the new backend base class.

resolves #907
 2022-08-18 16:32:00 +03:00
Aleksi Häkli
e168a9126b
Fix code formatting 2022-07-17 17:19:05 +03:00
Jonathan Giuffrida
5c4bca6cb6 Add AxesStandaloneBackend 2022-07-17 17:12:57 +03:00
Yousef Almutairi
3448cba6b1 Added Arabic translations 2022-06-01 20:59:25 +03:00
Ronny Vedrilla
ec7c54f9c5 #892: German translation update 2022-05-28 18:02:26 +03:00
Aleksi Häkli
621dfa6882 Fix code formatting 2022-05-16 10:41:07 +03:00
Aleksi Häkli
fffb539c32 Fix proxy handler false negative errors for pylint 2022-05-16 10:41:07 +03:00
Aleksi Häkli
4490013111 Migrate MD5 hashing to SHA256 
Continue using MD5 hashing in Axes test settings
as it offers better performance for test runs
without compromising security for users
 2022-05-16 10:41:07 +03:00
Shaheed Haque
012fde1caf Refine and streamline startup log. The new output is on one line and 
looks like this:

AXES: BEGIN version 5.32.1.dev14+g038dc7c.d20220507, blocking by IP only

Resolves #884.
 2022-05-11 17:08:55 +03:00
Hasan Ramezani
382468cef4 Add type hint for request variables 2022-05-02 18:21:03 +03:00
Hasan Ramezani
dc98a7b2e3 Allow float values for AXES_COOLOFF_TIME(#868). 2022-04-13 17:51:10 +03:00
Hasan Ramezani
4da7eb9fc1 Add Optional to type of params with default value equal to None 2022-04-13 17:48:32 +03:00
Antoine Dujardin
9c2ceb7eb7 Add option to keep current behavior for cooloff reset 2022-04-08 22:17:05 +03:00
Antoine Dujardin
1015bad451 Don't reset cooloff time in case of login attempt during lockout 2022-04-08 22:17:05 +03:00
Gregory DAVID
1849552f45 Implement AccessFailureLog recordings 2022-04-08 22:16:19 +03:00