Hopiu/django-defender
1
0
Fork 0
mirror of https://github.com/jazzband/django-defender.git synced 2026-03-16 22:10:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix test name and correct logic in data.py

Browse source
This commit is contained in:
djmore4 2022-10-15 14:50:33 -04:00 committed by Ken Cochrane
parent 359ee90082
commit 5139005106
2 changed files with 14 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
defender/data.py
View file

@ -41,17 +41,21 @@ def get_approx_account_lockouts_from_login_attempts(ip_address=None, username=No
q = Q(attempt_time__gte=datetime.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION))
failure_limit = config.FAILURE_LIMIT
if (ip_address and username \
and config.LOCKOUT_BY_IP_USERNAME \
and not (config.DISABLE_IP_LOCKOUT or config.DISABLE_USERNAME_LOCKOUT)
if (ip_address and username and config.LOCKOUT_BY_IP_USERNAME \
and not config.DISABLE_IP_LOCKOUT and not config.DISABLE_USERNAME_LOCKOUT
):
q = q & Q(ip_address=ip_address) & Q(username=username)
elif ip_address and not config.DISABLE_IP_LOCKOUT:
failure_limit = config.IP_FAILURE_LIMIT
q = q & Q(ip_address=ip_address)
elif username and not config.DISABLE_USERNAME_LOCKOUT:
failure_limit = config.USERNAME_FAILURE_LIMIT
q = q & Q(username=username)
elif not config.LOCKOUT_BY_IP_USERNAME:
if ip_address and not config.DISABLE_IP_LOCKOUT:
failure_limit = config.IP_FAILURE_LIMIT
q = q & Q(ip_address=ip_address)
elif username and not config.DISABLE_USERNAME_LOCKOUT:
failure_limit = config.USERNAME_FAILURE_LIMIT
q = q & Q(username=username)
else:
# If we've made it this far and didn't hit one of the other if or elif
# conditions, we're in an inappropriate context.
raise Exception("Invalid state requested")
else:
# If we've made it this far and didn't hit one of the other if or elif
# conditions, we're in an inappropriate context.

2
defender/tests.py
View file

@ -1004,7 +1004,7 @@ class AccessAttemptTest(DefenderTestCase):
@patch("defender.config.DISABLE_USERNAME_LOCKOUT", True)
@patch("defender.config.LOCKOUT_BY_IP_USERNAME", True)
def test_approx_account_lockout_count_default_case_invalid_args_pt3(self):
def test_approx_account_lockout_count_default_case_invalid_args_pt4(self):
with self.assertRaises(Exception):
get_approx_account_lockouts_from_login_attempts(ip_address="127.0.0.1", username=VALID_USERNAME)