django-defender/defender/config.py

from django.conf import settings
from django.utils.translation import gettext_lazy


def get_setting(variable, default=None):
    """ get the 'variable' from settings if not there use the
    provided default """
    return getattr(settings, variable, default)


# redis server host
DEFENDER_REDIS_URL = get_setting("DEFENDER_REDIS_URL")

# redis password quote for special character
DEFENDER_REDIS_PASSWORD_QUOTE = get_setting("DEFENDER_REDIS_PASSWORD_QUOTE", False)

# reuse declared cache from django settings
DEFENDER_REDIS_NAME = get_setting("DEFENDER_REDIS_NAME")

MOCK_REDIS = get_setting("DEFENDER_MOCK_REDIS", False)

# see if the user has overridden the failure limit
FAILURE_LIMIT = get_setting("DEFENDER_LOGIN_FAILURE_LIMIT", 3)
USERNAME_FAILURE_LIMIT = get_setting(
    "DEFENDER_LOGIN_FAILURE_LIMIT_USERNAME", FAILURE_LIMIT
)
IP_FAILURE_LIMIT = get_setting("DEFENDER_LOGIN_FAILURE_LIMIT_IP", FAILURE_LIMIT)

# If this is True, the lockout checks to evaluate if the IP failure limit and
# the username failure limit has been reached before issuing the lockout.
LOCKOUT_BY_IP_USERNAME = get_setting("DEFENDER_LOCK_OUT_BY_IP_AND_USERNAME", False)

# if this is True, The users IP address will not get locked when
# there are too many login attempts.
DISABLE_IP_LOCKOUT = get_setting("DEFENDER_DISABLE_IP_LOCKOUT", False)

# If this is True, usernames will not get locked when
# there are too many login attempts.
DISABLE_USERNAME_LOCKOUT = get_setting("DEFENDER_DISABLE_USERNAME_LOCKOUT", False)

# use a specific username field to retrieve from login POST data
USERNAME_FORM_FIELD = get_setting("DEFENDER_USERNAME_FORM_FIELD", "username")

# see if the django app is sitting behind a reverse proxy
BEHIND_REVERSE_PROXY = get_setting("DEFENDER_BEHIND_REVERSE_PROXY", False)

# the prefix for these keys in your cache.
CACHE_PREFIX = get_setting("DEFENDER_CACHE_PREFIX", "defender")

# if the django app is behind a reverse proxy, look for the
# ip address using this HTTP header value
REVERSE_PROXY_HEADER = get_setting(
    "DEFENDER_REVERSE_PROXY_HEADER", "HTTP_X_FORWARDED_FOR"
)

try:
    # how long to wait before the bad login attempt/lockout gets forgotten, in seconds.
    COOLOFF_TIME = int(get_setting("DEFENDER_COOLOFF_TIME", 300))  # seconds
    try:
        # how long to wait before the bad login attempt gets forgotten, in seconds.
        ATTEMPT_COOLOFF_TIME = int(get_setting("DEFENDER_ATTEMPT_COOLOFF_TIME", COOLOFF_TIME))  # measured in seconds
    except ValueError:  # pragma: no cover
        raise Exception("DEFENDER_ATTEMPT_COOLOFF_TIME needs to be an integer")  # pragma: no cover

    try:
        # how long to wait before a lockout gets forgotten, in seconds.
        LOCKOUT_COOLOFF_TIMES = [int(get_setting("DEFENDER_LOCKOUT_COOLOFF_TIME", COOLOFF_TIME))]  # measured in seconds
    except TypeError:  # pragma: no cover
        try:  # pragma: no cover
            cooloff_times = get_setting("DEFENDER_LOCKOUT_COOLOFF_TIME", [COOLOFF_TIME])  # measured in seconds
            for index, cooloff_time in enumerate(cooloff_times):  # pragma: no cover
                cooloff_times[index] = int(cooloff_time)  # pragma: no cover

            if not len(cooloff_times):  # pragma: no cover
                raise TypeError()  # pragma: no cover

            LOCKOUT_COOLOFF_TIMES = cooloff_times
        except (TypeError, ValueError):  # pragma: no cover
            raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element")  # pragma: no cover
    except ValueError:  # pragma: no cover
        raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element")  # pragma: no cover
except ValueError:  # pragma: no cover
    raise Exception("DEFENDER_COOLOFF_TIME needs to be an integer")  # pragma: no cover

LOCKOUT_TEMPLATE = get_setting("DEFENDER_LOCKOUT_TEMPLATE")

ERROR_MESSAGE = gettext_lazy(
    "Please enter a correct username and password. "
    "Note that both fields are case-sensitive."
)

LOCKOUT_URL = get_setting("DEFENDER_LOCKOUT_URL")

USE_CELERY = get_setting("DEFENDER_USE_CELERY", False)

STORE_ACCESS_ATTEMPTS = get_setting("DEFENDER_STORE_ACCESS_ATTEMPTS", True)

# Used by the management command to decide how long to keep access attempt
# recods. Number is # of hours.
try:
    ACCESS_ATTEMPT_EXPIRATION = int(
        get_setting("DEFENDER_ACCESS_ATTEMPT_EXPIRATION", 24)
    )
except ValueError:  # pragma: no cover
    raise Exception(
        "DEFENDER_ACCESS_ATTEMPT_EXPIRATION" " needs to be an integer"
    )  # pragma: no cover


GET_USERNAME_FROM_REQUEST_PATH = get_setting(
    "DEFENDER_GET_USERNAME_FROM_REQUEST_PATH", "defender.utils.username_from_request"
)
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`from django.conf import settings`
Fix failing tests to work with Django (4.0) main dev branch 2021-04-28 22:26:21 +00:00			`from django.utils.translation import gettext_lazy`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00

			`def get_setting(variable, default=None):`
			`""" get the 'variable' from settings if not there use the`
			`provided default """`
			`return getattr(settings, variable, default)`

Cleanup the code to remove lint warnings (#87) * Cleanup the code to remove lint warnings Signed-off-by: Ken Cochrane <kencochrane@gmail.com> * Fixed typo Signed-off-by: Ken Cochrane <kencochrane@gmail.com> 2017-06-28 21:09:44 +00:00
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`# redis server host`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`DEFENDER_REDIS_URL = get_setting("DEFENDER_REDIS_URL")`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
FIX: support for special character in redis password(such like '@') (#155) * FIX: if special character in redis password, we can set DEFENDER_REDIS_PASSWORD_QUOTE to True, and use quote password * MOD:add test cases with password_quota = True 2020-03-13 12:13:54 +00:00			`# redis password quote for special character`
			`DEFENDER_REDIS_PASSWORD_QUOTE = get_setting("DEFENDER_REDIS_PASSWORD_QUOTE", False)`

Taking redis client from django.core.cache (#82) * new setting that point to an already configured redis client * taking redis client from django cache setting * adding informative exception * dropping django 1.6 support * dropping django 1.7 support * adding tests * removing old coverage stuff + pep8 fixes * ups, wrong package * supporting multiple backends * adding documentation * dropping python 2.6 support 2017-06-24 23:17:15 +00:00			`# reuse declared cache from django settings`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`DEFENDER_REDIS_NAME = get_setting("DEFENDER_REDIS_NAME")`
Taking redis client from django.core.cache (#82) * new setting that point to an already configured redis client * taking redis client from django cache setting * adding informative exception * dropping django 1.6 support * dropping django 1.7 support * adding tests * removing old coverage stuff + pep8 fixes * ups, wrong package * supporting multiple backends * adding documentation * dropping python 2.6 support 2017-06-24 23:17:15 +00:00
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`MOCK_REDIS = get_setting("DEFENDER_MOCK_REDIS", False)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
			`# see if the user has overridden the failure limit`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`FAILURE_LIMIT = get_setting("DEFENDER_LOGIN_FAILURE_LIMIT", 3)`
			`USERNAME_FAILURE_LIMIT = get_setting(`
			`"DEFENDER_LOGIN_FAILURE_LIMIT_USERNAME", FAILURE_LIMIT`
			`)`
			`IP_FAILURE_LIMIT = get_setting("DEFENDER_LOGIN_FAILURE_LIMIT_IP", FAILURE_LIMIT)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
Added so that you can disable IP lockouts if you want 2015-10-21 20:33:08 +00:00			`# If this is True, the lockout checks to evaluate if the IP failure limit and`
			`# the username failure limit has been reached before issuing the lockout.`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`LOCKOUT_BY_IP_USERNAME = get_setting("DEFENDER_LOCK_OUT_BY_IP_AND_USERNAME", False)`
Add boolean to allow locking out by username & ip address combined 2015-04-21 22:21:29 +00:00
fixed pep8 issues 2015-10-21 20:44:12 +00:00			`# if this is True, The users IP address will not get locked when`
			`# there are too many login attempts.`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`DISABLE_IP_LOCKOUT = get_setting("DEFENDER_DISABLE_IP_LOCKOUT", False)`
Added so that you can disable IP lockouts if you want 2015-10-21 20:33:08 +00:00
Add DEFENDER_DISABLE_USERNAME_LOCKOUT 2016-06-20 04:20:47 +00:00			`# If this is True, usernames will not get locked when`
			`# there are too many login attempts.`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`DISABLE_USERNAME_LOCKOUT = get_setting("DEFENDER_DISABLE_USERNAME_LOCKOUT", False)`
Add DEFENDER_DISABLE_USERNAME_LOCKOUT 2016-06-20 04:20:47 +00:00
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`# use a specific username field to retrieve from login POST data`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`USERNAME_FORM_FIELD = get_setting("DEFENDER_USERNAME_FORM_FIELD", "username")`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
			`# see if the django app is sitting behind a reverse proxy`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`BEHIND_REVERSE_PROXY = get_setting("DEFENDER_BEHIND_REVERSE_PROXY", False)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
			`# the prefix for these keys in your cache.`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`CACHE_PREFIX = get_setting("DEFENDER_CACHE_PREFIX", "defender")`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
			`# if the django app is behind a reverse proxy, look for the`
			`# ip address using this HTTP header value`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`REVERSE_PROXY_HEADER = get_setting(`
			`"DEFENDER_REVERSE_PROXY_HEADER", "HTTP_X_FORWARDED_FOR"`
			`)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
added more unit tests 2015-01-02 21:02:09 +00:00			`try:`
Add new config options and update logic/tests to account for them 2022-10-11 16:33:05 +00:00			`# how long to wait before the bad login attempt/lockout gets forgotten, in seconds.`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`COOLOFF_TIME = int(get_setting("DEFENDER_COOLOFF_TIME", 300)) # seconds`
Add new config options and update logic/tests to account for them 2022-10-11 16:33:05 +00:00			`try:`
			`# how long to wait before the bad login attempt gets forgotten, in seconds.`
			`ATTEMPT_COOLOFF_TIME = int(get_setting("DEFENDER_ATTEMPT_COOLOFF_TIME", COOLOFF_TIME)) # measured in seconds`
Add pragma: no cover comments even though some of this stuff is covered... 2022-10-15 19:06:05 +00:00			`except ValueError: # pragma: no cover`
			`raise Exception("DEFENDER_ATTEMPT_COOLOFF_TIME needs to be an integer") # pragma: no cover`
Add new config options and update logic/tests to account for them 2022-10-11 16:33:05 +00:00
			`try:`
			`# how long to wait before a lockout gets forgotten, in seconds.`
			`LOCKOUT_COOLOFF_TIMES = [int(get_setting("DEFENDER_LOCKOUT_COOLOFF_TIME", COOLOFF_TIME))] # measured in seconds`
Add pragma: no cover comments even though some of this stuff is covered... 2022-10-15 19:06:05 +00:00			`except TypeError: # pragma: no cover`
			`try: # pragma: no cover`
Add new config options and update logic/tests to account for them 2022-10-11 16:33:05 +00:00			`cooloff_times = get_setting("DEFENDER_LOCKOUT_COOLOFF_TIME", [COOLOFF_TIME]) # measured in seconds`
Add pragma: no cover comments even though some of this stuff is covered... 2022-10-15 19:06:05 +00:00			`for index, cooloff_time in enumerate(cooloff_times): # pragma: no cover`
			`cooloff_times[index] = int(cooloff_time) # pragma: no cover`
Add new config options and update logic/tests to account for them 2022-10-11 16:33:05 +00:00
Add pragma: no cover comments even though some of this stuff is covered... 2022-10-15 19:06:05 +00:00			`if not len(cooloff_times): # pragma: no cover`
Whoops, they worked I guess. Let's see if they still do or we need more changes. Also improve coverage 2022-10-15 18:22:01 +00:00			`raise TypeError() # pragma: no cover`
Add new config options and update logic/tests to account for them 2022-10-11 16:33:05 +00:00
			`LOCKOUT_COOLOFF_TIMES = cooloff_times`
Add pragma: no cover comments even though some of this stuff is covered... 2022-10-15 19:06:05 +00:00			`except (TypeError, ValueError): # pragma: no cover`
			`raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element") # pragma: no cover`
			`except ValueError: # pragma: no cover`
Whoops, they worked I guess. Let's see if they still do or we need more changes. Also improve coverage 2022-10-15 18:22:01 +00:00			`raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element") # pragma: no cover`
added one more unit test, and added a coverage ignore to a line 2015-01-02 21:10:12 +00:00			`except ValueError: # pragma: no cover`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`raise Exception("DEFENDER_COOLOFF_TIME needs to be an integer") # pragma: no cover`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`LOCKOUT_TEMPLATE = get_setting("DEFENDER_LOCKOUT_TEMPLATE")`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
Fix failing tests to work with Django (4.0) main dev branch 2021-04-28 22:26:21 +00:00			`ERROR_MESSAGE = gettext_lazy(`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`"Please enter a correct username and password. "`
			`"Note that both fields are case-sensitive."`
			`)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`LOCKOUT_URL = get_setting("DEFENDER_LOCKOUT_URL")`
moved a config out of middleware into config and also updated README 2015-01-03 15:34:19 +00:00
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`USE_CELERY = get_setting("DEFENDER_USE_CELERY", False)`
fixed issues #15 #35 and #36, added way to clean up access attempt table, as well as an option to not login attempts. Also speed up django admin pages 2015-03-20 14:09:39 +00:00
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`STORE_ACCESS_ATTEMPTS = get_setting("DEFENDER_STORE_ACCESS_ATTEMPTS", True)`
fixed issues #15 #35 and #36, added way to clean up access attempt table, as well as an option to not login attempts. Also speed up django admin pages 2015-03-20 14:09:39 +00:00
			`# Used by the management command to decide how long to keep access attempt`
			`# recods. Number is # of hours.`
			`try:`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`ACCESS_ATTEMPT_EXPIRATION = int(`
			`get_setting("DEFENDER_ACCESS_ATTEMPT_EXPIRATION", 24)`
			`)`
fixed issues #15 #35 and #36, added way to clean up access attempt table, as well as an option to not login attempts. Also speed up django admin pages 2015-03-20 14:09:39 +00:00			`except ValueError: # pragma: no cover`
			`raise Exception(`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`"DEFENDER_ACCESS_ATTEMPT_EXPIRATION" " needs to be an integer"`
			`) # pragma: no cover`
Add possibility to use custom `utils.get_username_from_request` function (#122) * Add `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting This setting allow to override default `get_username_from_request` function. * Add `get_username` argument to `watch_login` To be able to propagate this argument to other utils functions calls * Minor code-style fixes * Add example of use of `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting * Update docs 2018-05-29 14:32:08 +00:00

			`GET_USERNAME_FROM_REQUEST_PATH = get_setting(`
PEP8 formatting (#147) Run black with Python 2.7 as target version to unify the code styling and make it more linter and style guide compliant 2019-11-15 18:22:14 +00:00			`"DEFENDER_GET_USERNAME_FROM_REQUEST_PATH", "defender.utils.username_from_request"`
Add possibility to use custom `utils.get_username_from_request` function (#122) * Add `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting This setting allow to override default `get_username_from_request` function. * Add `get_username` argument to `watch_login` To be able to propagate this argument to other utils functions calls * Minor code-style fixes * Add example of use of `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting * Update docs 2018-05-29 14:32:08 +00:00			`)`