django-defender/defender/utils.py

import logging

from django.http import HttpResponse
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.core.validators import validate_ipv46_address
from django.core.exceptions import ValidationError

from .connection import get_redis_connection
from . import config
from .data import store_login_attempt

redis_server = get_redis_connection()

log = logging.getLogger(__name__)


def is_valid_ip(ip_address):
    """ Check Validity of an IP address """
    if not ip_address:
        return False
    ip_address = ip_address.strip()
    try:
        validate_ipv46_address(ip_address)
        return True
    except ValidationError:
        return False


def get_ip_address_from_request(request):
    """ Makes the best attempt to get the client's real IP or return
        the loopback """
    remote_addr = request.META.get('REMOTE_ADDR', '')
    if remote_addr and is_valid_ip(remote_addr):
            return remote_addr.strip()
    return '127.0.0.1'


def get_ip(request):
    """ get the ip address from the request """
    if config.BEHIND_REVERSE_PROXY:
        ip = request.META.get(config.REVERSE_PROXY_HEADER, '')
        ip = ip.split(",", 1)[0].strip()
        if ip == '':
            ip = get_ip_address_from_request(request)
    else:
        ip = get_ip_address_from_request(request)
    return ip


def get_ip_attempt_cache_key(ip):
    """ get the cache key by ip """
    return "{0}:failed:ip:{1}".format(config.CACHE_PREFIX, ip)


def get_username_attempt_cache_key(username):
    """ get the cache key by username """
    return "{0}:failed:username:{1}".format(config.CACHE_PREFIX, username)


def get_ip_blocked_cache_key(ip):
    """ get the cache key by ip """
    return "{0}:blocked:ip:{1}".format(config.CACHE_PREFIX, ip)


def get_username_blocked_cache_key(username):
    """ get the cache key by username """
    return "{0}:blocked:username:{1}".format(config.CACHE_PREFIX, username)


def strip_keys(key_list):
    """ Given a list of keys, remove the prefix and remove just
    the data we care about.

    for example:

        ['defender:blocked:ip:ken', 'defender:blocked:ip:joffrey']

    would result in:

        ['ken', 'joffrey']

    """
    return [key.split(":")[-1] for key in key_list]


def get_blocked_ips():
    """ get a list of blocked ips from redis """
    key = get_ip_blocked_cache_key("*")
    key_list = redis_server.keys(key)
    return strip_keys(key_list)


def get_blocked_usernames():
    """ get a list of blocked usernames from redis """
    key = get_username_blocked_cache_key("*")
    key_list = redis_server.keys(key)
    return strip_keys(key_list)


def increment_key(key):
    """ given a key increment the value """
    pipe = redis_server.pipeline()
    pipe.incr(key, 1)
    if config.COOLOFF_TIME:
        pipe.expire(key, config.COOLOFF_TIME)
    new_value = pipe.execute()[0]
    return new_value


def get_user_attempts(request):
    """ Returns number of access attempts for this ip, username
    """
    ip = get_ip(request)

    username = request.POST.get(config.USERNAME_FORM_FIELD, None)

    # get by IP
    ip_count = redis_server.get(get_ip_attempt_cache_key(ip))
    if not ip_count:
        ip_count = 0
    ip_count = int(ip_count)

    # get by username
    username_count = redis_server.get(get_username_attempt_cache_key(username))
    if not username_count:
        username_count = 0
    username_count = int(username_count)

    # return the larger of the two.
    return max(ip_count, username_count)


def block_ip(ip):
    """ given the ip, block it """
    if not ip:
        # no reason to continue when there is no ip
        return
    key = get_ip_blocked_cache_key(ip)
    if config.COOLOFF_TIME:
        redis_server.set(key, 'blocked', config.COOLOFF_TIME)
    else:
        redis_server.set(key, 'blocked')


def block_username(username):
    """ given the username block it. """
    if not username:
        # no reason to continue when there is no username
        return
    key = get_username_blocked_cache_key(username)
    if config.COOLOFF_TIME:
        redis_server.set(key, 'blocked', config.COOLOFF_TIME)
    else:
        redis_server.set(key, 'blocked')


def record_failed_attempt(ip, username):
    """ record the failed login attempt, if over limit return False,
    if not over limit return True """
    # increment the failed count, and get current number
    ip_count = increment_key(get_ip_attempt_cache_key(ip))
    user_count = increment_key(get_username_attempt_cache_key(username))

    ip_block = False
    user_block = False
    # if either are over the limit, add to block
    if ip_count > config.FAILURE_LIMIT:
        block_ip(ip)
        ip_block = True
    if user_count > config.FAILURE_LIMIT:
        block_username(username)
        user_block = True
    # if any blocks return False, no blocks return True
    return not (ip_block or user_block)


def unblock_ip(ip, pipe=None):
    """ unblock the given IP """
    do_commit = False
    if not pipe:
        pipe = redis_server.pipeline()
        do_commit = True
    if ip:
        pipe.delete(get_ip_attempt_cache_key(ip))
        pipe.delete(get_ip_blocked_cache_key(ip))
        if do_commit:
            pipe.execute()


def unblock_username(username, pipe=None):
    """ unblock the given Username """
    do_commit = False
    if not pipe:
        pipe = redis_server.pipeline()
        do_commit = True
    if username:
        pipe.delete(get_username_attempt_cache_key(username))
        pipe.delete(get_username_blocked_cache_key(username))
        if do_commit:
            pipe.execute()


def reset_failed_attempts(ip=None, username=None):
    """ reset the failed attempts for these ip's and usernames
    """
    pipe = redis_server.pipeline()

    unblock_ip(ip, pipe=pipe)
    unblock_username(username, pipe=pipe)

    pipe.execute()


def lockout_response(request):
    """ if we are locked out, here is the response """
    if config.LOCKOUT_TEMPLATE:
        context = {
            'cooloff_time_seconds': config.COOLOFF_TIME,
            'cooloff_time_minutes': config.COOLOFF_TIME / 60,
            'failure_limit': config.FAILURE_LIMIT,
        }
        return render_to_response(config.LOCKOUT_TEMPLATE, context,
                                  context_instance=RequestContext(request))

    if config.LOCKOUT_URL:
        return HttpResponseRedirect(config.LOCKOUT_URL)

    if config.COOLOFF_TIME:
        return HttpResponse("Account locked: too many login attempts.  "
                            "Please try again later.")
    else:
        return HttpResponse("Account locked: too many login attempts.  "
                            "Contact an admin to unlock your account.")


def is_already_locked(request):
    """ Is this IP/username already locked? """
    ip_address = get_ip(request)
    username = request.POST.get(config.USERNAME_FORM_FIELD, None)

    # ip blocked?
    ip_blocked = redis_server.get(get_ip_blocked_cache_key(ip_address))

    if not ip_blocked:
        ip_blocked = False
    else:
        # short circuit no need to check username if ip is already blocked.
        return True

    # username blocked?
    user_blocked = redis_server.get(get_username_blocked_cache_key(username))
    if user_blocked:
        return True

    # if the username nor ip is blocked, the request is not blocked
    return False


def check_request(request, login_unsuccessful):
    """ check the request, and process results"""
    ip_address = get_ip(request)
    username = request.POST.get(config.USERNAME_FORM_FIELD, None)

    if not login_unsuccessful:
        # user logged in -- forget the failed attempts
        reset_failed_attempts(ip=ip_address, username=username)
        return True
    else:
        # add a failed attempt for this user
        return record_failed_attempt(ip_address, username)


def add_login_attempt_to_db(request, login_valid):
    """ Create a record for the login attempt If using celery call celery
    task, if not, call the method normally """
    user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]
    ip_address = get_ip(request)
    username = request.POST.get(config.USERNAME_FORM_FIELD, None)
    http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
    path_info = request.META.get('PATH_INFO', '<unknown>')

    if config.USE_CELERY:
        from .tasks import add_login_attempt_task
        add_login_attempt_task.delay(user_agent, ip_address, username,
                                     http_accept, path_info, login_valid)
    else:
        store_login_attempt(user_agent, ip_address, username,
                            http_accept, path_info, login_valid)
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`import logging`

			`from django.http import HttpResponse`
			`from django.http import HttpResponseRedirect`
			`from django.shortcuts import render_to_response`
			`from django.template import RequestContext`
took marcus's advice and used the built in django validator 2015-02-25 03:02:06 +00:00			`from django.core.validators import validate_ipv46_address`
			`from django.core.exceptions import ValidationError`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`from .connection import get_redis_connection`
			`from . import config`
Add Celery option for writing to database 2015-01-03 21:33:51 +00:00			`from .data import store_login_attempt`
more refactoring to clean up the code 2015-01-01 00:27:18 +00:00
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`redis_server = get_redis_connection()`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
			`log = logging.getLogger(__name__)`


			`def is_valid_ip(ip_address):`
			`""" Check Validity of an IP address """`
added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 23:16:08 +00:00			`if not ip_address:`
			`return False`
			`ip_address = ip_address.strip()`
took marcus's advice and used the built in django validator 2015-02-25 03:02:06 +00:00			`try:`
			`validate_ipv46_address(ip_address)`
added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 23:16:08 +00:00			`return True`
took marcus's advice and used the built in django validator 2015-02-25 03:02:06 +00:00			`except ValidationError:`
			`return False`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def get_ip_address_from_request(request):`
			`""" Makes the best attempt to get the client's real IP or return`
			`the loopback """`
added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 23:16:08 +00:00			`remote_addr = request.META.get('REMOTE_ADDR', '')`
			`if remote_addr and is_valid_ip(remote_addr):`
			`return remote_addr.strip()`
			`return '127.0.0.1'`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def get_ip(request):`
			`""" get the ip address from the request """`
added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 23:16:08 +00:00			`if config.BEHIND_REVERSE_PROXY:`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`ip = request.META.get(config.REVERSE_PROXY_HEADER, '')`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`ip = ip.split(",", 1)[0].strip()`
			`if ip == '':`
bumped the django versions on travis, and added a fix to get_ip() 2015-02-25 15:03:05 +00:00			`ip = get_ip_address_from_request(request)`
added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 23:16:08 +00:00			`else:`
			`ip = get_ip_address_from_request(request)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`return ip`


			`def get_ip_attempt_cache_key(ip):`
			`""" get the cache key by ip """`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`return "{0}:failed:ip:{1}".format(config.CACHE_PREFIX, ip)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def get_username_attempt_cache_key(username):`
			`""" get the cache key by username """`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`return "{0}:failed:username:{1}".format(config.CACHE_PREFIX, username)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def get_ip_blocked_cache_key(ip):`
			`""" get the cache key by ip """`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`return "{0}:blocked:ip:{1}".format(config.CACHE_PREFIX, ip)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def get_username_blocked_cache_key(username):`
			`""" get the cache key by username """`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`return "{0}:blocked:username:{1}".format(config.CACHE_PREFIX, username)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

initial commit, adding admin pages to manage blocked users 2015-01-27 23:06:56 +00:00			`def strip_keys(key_list):`
			`""" Given a list of keys, remove the prefix and remove just`
			`the data we care about.`

			`for example:`

			`['defender:blocked:ip:ken', 'defender:blocked:ip:joffrey']`

			`would result in:`

			`['ken', 'joffrey']`

			`"""`
			`return [key.split(":")[-1] for key in key_list]`


			`def get_blocked_ips():`
			`""" get a list of blocked ips from redis """`
			`key = get_ip_blocked_cache_key("*")`
			`key_list = redis_server.keys(key)`
			`return strip_keys(key_list)`


			`def get_blocked_usernames():`
			`""" get a list of blocked usernames from redis """`
			`key = get_username_blocked_cache_key("*")`
			`key_list = redis_server.keys(key)`
			`return strip_keys(key_list)`


refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`def increment_key(key):`
			`""" given a key increment the value """`
Use pipelines for atomic transactions 2015-01-03 00:07:01 +00:00			`pipe = redis_server.pipeline()`
			`pipe.incr(key, 1)`
Ensure we don't break when cooloff time is 0 ('permanent' lock) 2015-01-02 20:12:57 +00:00			`if config.COOLOFF_TIME:`
Use pipelines for atomic transactions 2015-01-03 00:07:01 +00:00			`pipe.expire(key, config.COOLOFF_TIME)`
			`new_value = pipe.execute()[0]`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`return new_value`


			`def get_user_attempts(request):`
more refactoring and added a unit test 2015-01-01 00:44:21 +00:00			`""" Returns number of access attempts for this ip, username`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`"""`
			`ip = get_ip(request)`

more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`username = request.POST.get(config.USERNAME_FORM_FIELD, None)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
			`# get by IP`
			`ip_count = redis_server.get(get_ip_attempt_cache_key(ip))`
			`if not ip_count:`
			`ip_count = 0`
Fixed get_user_attempts() and unit tests 2015-01-02 21:26:43 +00:00			`ip_count = int(ip_count)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
			`# get by username`
			`username_count = redis_server.get(get_username_attempt_cache_key(username))`
			`if not username_count:`
			`username_count = 0`
Fixed get_user_attempts() and unit tests 2015-01-02 21:26:43 +00:00			`username_count = int(username_count)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
			`# return the larger of the two.`
			`return max(ip_count, username_count)`


			`def block_ip(ip):`
more refactoring and added a unit test 2015-01-01 00:44:21 +00:00			`""" given the ip, block it """`
add a fix so that we don't block an empty IP or username 2015-02-01 15:17:10 +00:00			`if not ip:`
			`# no reason to continue when there is no ip`
			`return`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`key = get_ip_blocked_cache_key(ip)`
Ensure we don't break when cooloff time is 0 ('permanent' lock) 2015-01-02 20:12:57 +00:00			`if config.COOLOFF_TIME:`
			`redis_server.set(key, 'blocked', config.COOLOFF_TIME)`
			`else:`
			`redis_server.set(key, 'blocked')`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def block_username(username):`
			`""" given the username block it. """`
add a fix so that we don't block an empty IP or username 2015-02-01 15:17:10 +00:00			`if not username:`
			`# no reason to continue when there is no username`
			`return`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`key = get_username_blocked_cache_key(username)`
Ensure we don't break when cooloff time is 0 ('permanent' lock) 2015-01-02 20:12:57 +00:00			`if config.COOLOFF_TIME:`
			`redis_server.set(key, 'blocked', config.COOLOFF_TIME)`
			`else:`
			`redis_server.set(key, 'blocked')`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def record_failed_attempt(ip, username):`
			`""" record the failed login attempt, if over limit return False,`
			`if not over limit return True """`
			`# increment the failed count, and get current number`
			`ip_count = increment_key(get_ip_attempt_cache_key(ip))`
			`user_count = increment_key(get_username_attempt_cache_key(username))`

fixing an issue @jlhawn found, we should only block if we are over the limit 2015-01-30 01:02:35 +00:00			`ip_block = False`
			`user_block = False`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`# if either are over the limit, add to block`
fixing an issue @jlhawn found, we should only block if we are over the limit 2015-01-30 01:02:35 +00:00			`if ip_count > config.FAILURE_LIMIT:`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`block_ip(ip)`
fixing an issue @jlhawn found, we should only block if we are over the limit 2015-01-30 01:02:35 +00:00			`ip_block = True`
			`if user_count > config.FAILURE_LIMIT:`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`block_username(username)`
fixing an issue @jlhawn found, we should only block if we are over the limit 2015-01-30 01:02:35 +00:00			`user_block = True`
			`# if any blocks return False, no blocks return True`
			`return not (ip_block or user_block)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

initial commit, adding admin pages to manage blocked users 2015-01-27 23:06:56 +00:00			`def unblock_ip(ip, pipe=None):`
			`""" unblock the given IP """`
			`do_commit = False`
			`if not pipe:`
			`pipe = redis_server.pipeline()`
			`do_commit = True`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`if ip:`
Use pipelines for atomic transactions 2015-01-03 00:07:01 +00:00			`pipe.delete(get_ip_attempt_cache_key(ip))`
			`pipe.delete(get_ip_blocked_cache_key(ip))`
initial commit, adding admin pages to manage blocked users 2015-01-27 23:06:56 +00:00			`if do_commit:`
			`pipe.execute()`


			`def unblock_username(username, pipe=None):`
			`""" unblock the given Username """`
			`do_commit = False`
			`if not pipe:`
			`pipe = redis_server.pipeline()`
			`do_commit = True`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`if username:`
Use pipelines for atomic transactions 2015-01-03 00:07:01 +00:00			`pipe.delete(get_username_attempt_cache_key(username))`
			`pipe.delete(get_username_blocked_cache_key(username))`
initial commit, adding admin pages to manage blocked users 2015-01-27 23:06:56 +00:00			`if do_commit:`
			`pipe.execute()`


			`def reset_failed_attempts(ip=None, username=None):`
			`""" reset the failed attempts for these ip's and usernames`
			`"""`
			`pipe = redis_server.pipeline()`

			`unblock_ip(ip, pipe=pipe)`
			`unblock_username(username, pipe=pipe)`

Use pipelines for atomic transactions 2015-01-03 00:07:01 +00:00			`pipe.execute()`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def lockout_response(request):`
			`""" if we are locked out, here is the response """`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`if config.LOCKOUT_TEMPLATE:`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`context = {`
added new context variable to lockout template 2015-01-29 13:10:19 +00:00			`'cooloff_time_seconds': config.COOLOFF_TIME,`
			`'cooloff_time_minutes': config.COOLOFF_TIME / 60,`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`'failure_limit': config.FAILURE_LIMIT,`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`}`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`return render_to_response(config.LOCKOUT_TEMPLATE, context,`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`context_instance=RequestContext(request))`

more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`if config.LOCKOUT_URL:`
			`return HttpResponseRedirect(config.LOCKOUT_URL)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`if config.COOLOFF_TIME:`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00			`return HttpResponse("Account locked: too many login attempts. "`
			`"Please try again later.")`
			`else:`
			`return HttpResponse("Account locked: too many login attempts. "`
			`"Contact an admin to unlock your account.")`


			`def is_already_locked(request):`
			`""" Is this IP/username already locked? """`
			`ip_address = get_ip(request)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`username = request.POST.get(config.USERNAME_FORM_FIELD, None)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
			`# ip blocked?`
			`ip_blocked = redis_server.get(get_ip_blocked_cache_key(ip_address))`

			`if not ip_blocked:`
			`ip_blocked = False`
			`else:`
			`# short circuit no need to check username if ip is already blocked.`
			`return True`

			`# username blocked?`
			`user_blocked = redis_server.get(get_username_blocked_cache_key(username))`
refactor is_already_locked and add better test coverage Simplify the is_already_locked code and make sure that we're testing that code better. 2015-01-12 17:42:38 +00:00			`if user_blocked:`
			`return True`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
refactor is_already_locked and add better test coverage Simplify the is_already_locked code and make sure that we're testing that code better. 2015-01-12 17:42:38 +00:00			`# if the username nor ip is blocked, the request is not blocked`
			`return False`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00

			`def check_request(request, login_unsuccessful):`
			`""" check the request, and process results"""`
			`ip_address = get_ip(request)`
more refactoring and unit tests 2015-01-01 17:51:46 +00:00			`username = request.POST.get(config.USERNAME_FORM_FIELD, None)`
refactored the code a little, and updated readme to include missing config 2014-12-31 22:00:45 +00:00
			`if not login_unsuccessful:`
			`# user logged in -- forget the failed attempts`
			`reset_failed_attempts(ip=ip_address, username=username)`
			`return True`
			`else:`
			`# add a failed attempt for this user`
			`return record_failed_attempt(ip_address, username)`
more refactoring to clean up the code 2015-01-01 00:27:18 +00:00

Add Celery option for writing to database 2015-01-03 21:33:51 +00:00			`def add_login_attempt_to_db(request, login_valid):`
			`""" Create a record for the login attempt If using celery call celery`
			`task, if not, call the method normally """`
			`user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]`
			`ip_address = get_ip(request)`
			`username = request.POST.get(config.USERNAME_FORM_FIELD, None)`
			`http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')`
			`path_info = request.META.get('PATH_INFO', '<unknown>')`

			`if config.USE_CELERY:`
			`from .tasks import add_login_attempt_task`
			`add_login_attempt_task.delay(user_agent, ip_address, username,`
			`http_accept, path_info, login_valid)`
			`else:`
			`store_login_attempt(user_agent, ip_address, username,`
			`http_accept, path_info, login_valid)`