Aleksi Häkli
10f6e621ce
Add missing @wraps decorator
This keeps the original function name and docstring for the decorated function
2021-01-05 11:57:53 +02:00
Aleksi Häkli
3152b4d7e9
Improve lockout and request handling
The old architecture used exceptions in the signal handler
which prevented transactions from running smoothly
and signal handlers from running after Axes handlers.
The new architecture changes the request approach to request flagging
and moves the exception handling into the middleware call method.
This allows users to more flexibly run their own signal handlers
and optionally use the Axes middleware if they want to do so.
Fixes #440
Fixes #442
2019-05-19 18:32:40 +03:00
Aleksi Häkli
3bece1aaaa
Set Axes request attributes in middleware
Fixes #415
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-03-03 22:13:13 +02:00
Aleksi Häkli
ff6cb8bffd
Move utils to helpers module
In order to offer backwards compatible import path for the
axes.utils.reset function it has to have a separate
implementation that can be imported independently from
the axes.helpers functions that are used by the
AxesBaseHandler implementation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-02-25 22:54:40 +02:00
Aleksi Häkli
ccace29270
Clean up handler naming and documentation
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-02-22 20:13:20 +02:00
Aleksi Häkli
e69d479f6a
Refactor handlers to a more pluggable format
- Define a base handler API with method signatures
- Move proxy handler to a separate path for importability
- Implement a database handler with clean external dependencies
- Change the authentication backend and decorators to use the authentication backend
This enables clean pluggable authentication backend definitions that users
can override and specialize with e.g. cached handlers in their own packages.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-02-22 19:55:57 +02:00
Aleksi Häkli
502434bbcb
Clean up logging initialization
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-02-10 20:51:38 +02:00
Aleksi Häkli
030810df79
Drop Python 2.7 and Python 3.4 support
Fixes #395
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-02-07 17:28:26 +02:00
Aleksi Häkli
99175dc57f
Use middleware, backends, and signals for lockouts
Fixes #389
Remove monkey-patching from the application loader phase
and use the Django authentication stack for lockout signals.
Utilize custom AUTHENTICATION_BACKENDS and MIDDLEWARE with signals
with backwards compatible implementation of features.
Update documentation, configuration and migration instructions
to match the new configuration and improve the code commentation.
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2019-02-03 16:03:30 +02:00
Aleksi Häkli
8204032102
Add Python 3.7 to supported versions
Add Django 2.1 to the test matrix
Fixes #371
Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi>
2018-12-10 19:48:46 +02:00
jd
4684a1a04f
Add a setting to supply a callable that can return a correct username given a request object #318
2018-05-22 14:54:45 -07:00
Aleksi Häkli
db13d45e29
Remove unnecessary else branches from conditionals
2018-04-21 00:33:44 +03:00
Gilles Dartiguelongue
089447a2e7
Leave logging to formatting as needed
Do not force it as it might be used programmatically down the line, see
Sentry/raven [1] or fluentd [2] for example.
[1] https://github.com/getsentry/raven-python
[2] https://github.com/fluent/fluent-logger-python
2018-04-20 14:08:57 +02:00
Gilles Dartiguelongue
84b887902d
Simplify cooloff time type check
2018-04-20 13:55:27 +02:00
Aleksi Häkli
df8feb4f69
Backport unicode string literals for Python 2.7
Fixes #328
2018-04-18 15:21:09 +03:00
Mark Davidoff
8580c404e3
add an authentication backend to check if user is locked out.
2018-04-06 16:01:23 -07:00
Camilo Nova
da0c4b429a
Added django-ipware
2017-12-13 14:35:19 -05:00
Camilo Nova
726214df05
Added form_invalid decorator. Fixes #265
2017-11-21 16:51:59 -05:00
Camilo Nova
ba37442252
Added support for Django signals, big code refactor and improvements
2017-11-17 17:15:34 -05:00
Jack Sullivan
6f1e1c1d34
Fixed extra typo.
2017-05-17 12:19:43 -07:00
Jack Sullivan
25e5757aff
Merge branch 'master' into logging-conf
Conflicts:
axes/tests.py
2017-05-13 11:55:53 -07:00
Camilo Nova
49cbf128e5
Merge pull request #228 from HuntedCodes/block-configs
Fixes #222, and robust testing for lockout conditions
2017-05-09 09:35:22 -05:00
Jack Sullivan
3b4f8fb7b3
Handles successful AJAX logins.
2017-04-26 14:17:24 -07:00
Jack Sullivan
98b82dd27d
Fixed path_info formatting.
2017-04-26 09:37:11 -07:00
Jack Sullivan
4783787c6d
Fixed UTF-8 encoding bug.
2017-04-26 09:11:11 -07:00
Jack Sullivan
ebf9ca89ee
Added user agent and verbose logging.
2017-04-25 14:47:33 -07:00
Jack Sullivan
765fddb64a
Log successful auth if configured
When AXES_DISABLE_SUCCESS_ACCESS_LOG=False, write a log that
successful authentication has happened, along with client info.
2017-04-25 13:49:43 -07:00
Jack Sullivan
4d4b1d233f
Factored out logging into functions
2017-04-25 12:50:24 -07:00
Jack Sullivan
55e83bd629
Log messages based on config settings
2017-04-25 12:49:53 -07:00
Jack Sullivan
c86ad06d9d
Fixed #222, cache blocks by user only and ip+user
Cache hash keys now include usernames. The axes settings
AXES_ONLY_USER_FAILURES and LOCK_OUT_BY_COMBINATION_USER_AND_IP
are checked to decide which request attributes to include in
generated cache hash keys.
2017-04-22 19:19:48 -07:00
Jack Sullivan
ad170dabcb
ONLY_USER works when cache is disabled
The _get_user_attempts function now checks for AXES_ONLY_USER_FAILURES,
and only includes the IP when AXES_ONLY_USER_FAILURES = False.
2017-04-22 18:53:59 -07:00
Aleksi Häkli
1b10e54611
Fixed #224 -- Add AXES_NUM_PROXIES setting
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
2017-04-10 11:47:44 +03:00
Aleksi Häkli
4dfaa13c9a
Add AXES: prefix to all log values for consistency
2017-04-06 19:52:17 +03:00
Aleksi Häkli
64924be83c
Fixed #221 -- Add AXES_NUM_PROXIES setting
This enables secure calculation of client IP value
by allowing the end users to set the number of
proxies they have in their current setups
2017-04-06 19:50:54 +03:00
James Rutherford
a2efeeb018
Log failed access attempts regardless of settings
Fixes #212
2017-01-12 15:59:46 +00:00
Jorge Galvis
2357a4616b
Make it Python3 compatible
2016-12-06 18:08:13 -05:00
Jorge Galvis
19affea1ba
Merge branch 'master' into cache-attemps
2016-12-06 17:51:19 -05:00
Camilo Nova
8fde5cf658
Merge pull request #207 from schinckel/only-check-on-post
Only look for lockable users on a POST.
2016-11-24 08:49:10 -05:00
Aleksi Häkli
41877cdecd
Fix and add tests for IPv4 and IPv6 parsing
This patch does not fix IPv6 parsing with ports
2016-11-21 21:33:55 +02:00
Matthew Schinckel
68c7128885
Playing around with different is_user_lockable ideas.
2016-11-17 16:46:30 +10:30
Matthew Schinckel
c94e381bb7
Only look for lockable users on a POST.
Resolves #205.
2016-11-17 16:23:42 +10:30
Sam Kuehn
a32f030c6a
fix exception too broad
2016-11-04 15:27:19 -06:00
Sam Kuehn
7e6ac85d4e
fix #201 error: illegal IP address string passed to inet_pton
2016-11-04 14:59:42 -06:00
Yi Ming Yung
b49e685603
Added settings for disabling success accesslogs and added complete disabling of accesslogs
2016-11-04 14:09:48 +01:00
Jorge Galvis
14950ee83a
WP: Cache failures in cache
2016-11-02 00:25:32 -05:00
Camilo Nova
790f451092
Merge pull request #193 from slurms/master
Fix #192 -- AXES_DISABLE_ACCESS_LOG doesn't work.
2016-09-23 11:56:34 -05:00
Nick Sandford
99807d0a1b
Fix #192 -- AXES_DISABLE_ACCESS_LOG doesn't work.
2016-09-23 14:58:29 +01:00
lip77us
cad837aac9
Added AXES_ONLY_USER_FAILURES to support only looking at the user ID and not the IP address. I needed to add this for offices that use the same IP. One user was locking the whole office out of my application. Tests updated as well.
2016-09-22 12:35:51 -07:00
Camilo Nova
a5624646fb
Merge pull request #188 from Dmitri-Sintsov/master
Removed ipaddress module dependency.
2016-08-22 10:55:45 -05:00
Dmitriy Sintsov
3cf1d03774
Use socket.inet_pton() to detect workaround for axes_accesslog.ip_address 'inet' field type insert error when running behind IIS as reverse proxy which adds port number to client address in X_FORWARDED_FOR HTTP header.
2016-08-22 11:53:05 +03:00