Use case: include more info about the user in the client_str.
username is already included in the arguments but that would require a separate DB call.
https://github.com/jazzband/django-axes/issues/782
The creation of several entries is possible due to race conditions between different worker processes, which can later break the usage of get in this situation.
This change should help to prevent this race condition using the database.
Fixes#634
The Django import system seems to produce errors
in certain configurations and especially when
MIGRATION_MODULES configuration is set globally.
This is most probably caused by misbehaving or cyclic
Python module imports in the Django application
instrumentatation chain that come up when the
MIGRATION_MODULES configuration is altered.
This patch migrates to the standard Python logging system
use and has less overhead and complexity for users as well.
Having a configurable logging prefix does not produce
a lot of benefits and is less flexible than having
all individual module logging configurations accessible
through the module __name__ parameter in Axes.
For example axes.handlers.* or axes.backends.*
are separately configurable in the new scheme
whereas they would have been both bundled under
the AXES_LOGGER log configuration.
Submitting null byte chars like in the post data causes the save to database crash with the following:
/lib/python3.7/site-packages/django/db/backends/utils.py", line 86, in _execute
return self.cursor.execute(sql, params)
ValueError: A string literal cannot contain NUL (0x00) characters.
I propose replacing these to something more palatable to the django ORM, and allowing axes to continue its work and block users with multiple failed login attempts that contain NUL characters.
The old architecture used exceptions in the signal handler
which prevented transactions from running smoothly
and signal handlers from running after Axes handlers.
The new architecture changes the request approach to request flagging
and moves the exception handling into the middleware call method.
This allows users to more flexibly run their own signal handlers
and optionally use the Axes middleware if they want to do so.
Fixes#440Fixes#442
All attempts that are logged are marked as trusted
and no other attempts are created in the code,
so having a flag that also uses a database index
is redundant and unnecessary.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
