Hopiu/django-defender
1
0
Fork 0
mirror of https://github.com/jazzband/django-defender.git synced 2026-03-16 22:10:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Whoops, they worked I guess. Let's see if they still do or we need more changes. Also improve coverage

Browse source
This commit is contained in:
djmore4 2022-10-15 14:22:01 -04:00 committed by Ken Cochrane
parent de1c876b99
commit b9b067472c
3 changed files with 20 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
defender/config.py
View file

@ -72,13 +72,13 @@ try:
cooloff_times[index] = int(cooloff_time) cooloff_times[index] = int(cooloff_time)
if not len(cooloff_times): if not len(cooloff_times):
raise TypeError() raise TypeError() # pragma: no cover
LOCKOUT_COOLOFF_TIMES = cooloff_times LOCKOUT_COOLOFF_TIMES = cooloff_times
except (TypeError, ValueError): except (TypeError, ValueError):
raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element") raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element")
except ValueError: except ValueError:
raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element") raise Exception("DEFENDER_LOCKOUT_COOLOFF_TIME needs to be an integer or list of integers having at least one element") # pragma: no cover
except ValueError: # pragma: no cover except ValueError: # pragma: no cover
raise Exception("DEFENDER_COOLOFF_TIME needs to be an integer") # pragma: no cover raise Exception("DEFENDER_COOLOFF_TIME needs to be an integer") # pragma: no cover

34
defender/tests.py
View file

@ -13,6 +13,8 @@ from django.test.client import RequestFactory
from redis.client import Redis from redis.client import Redis
from django.urls import reverse from django.urls import reverse
from defender.data import get_approx_account_lockouts_from_login_attempts
from . import utils from . import utils
from . import config from . import config
from .signals import ( from .signals import (
@ -950,20 +952,12 @@ class AccessAttemptTest(DefenderTestCase):
self.assertRaises(Exception) self.assertRaises(Exception)
@patch("defender.config.LOCKOUT_COOLOFF_TIMES", [3, 6]) @patch("defender.config.LOCKOUT_COOLOFF_TIMES", [3, 6])
@patch("defender.config.IP_FAILURE_LIMIT", 3) @patch("defender.config.FAILURE_LIMIT", 3)
def test_lockout_cooloff_correctly_scales_with_ip_when_set(self): def test_lockout_cooloff_correctly_scales_with_ip_when_set(self):
self.test_ip_failure_limit() self.test_ip_failure_limit()
self.assertTrue(AccessAttempt.objects.filter(
Q(attempt_time__gte=datetime.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION)) &
Q(ip_address="127.0.0.1")
).count() >= 3)
self.assertEqual(utils.get_lockout_cooloff_time(ip_address="127.0.0.1"), 3) self.assertEqual(utils.get_lockout_cooloff_time(ip_address="127.0.0.1"), 3)
utils.reset_failed_attempts(ip_address="127.0.0.1") utils.reset_failed_attempts(ip_address="127.0.0.1")
self.test_ip_failure_limit() self.test_ip_failure_limit()
self.assertTrue(AccessAttempt.objects.filter(
Q(attempt_time__gte=datetime.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION)) &
Q(ip_address="127.0.0.1")
).count() >= 6)
self.assertEqual(utils.get_lockout_cooloff_time(ip_address="127.0.0.1"), 6) self.assertEqual(utils.get_lockout_cooloff_time(ip_address="127.0.0.1"), 6)
time.sleep(config.LOCKOUT_COOLOFF_TIMES[1]) time.sleep(config.LOCKOUT_COOLOFF_TIMES[1])
if config.MOCK_REDIS: if config.MOCK_REDIS:
@ -972,20 +966,12 @@ class AccessAttemptTest(DefenderTestCase):
self.test_valid_login() self.test_valid_login()
@patch("defender.config.LOCKOUT_COOLOFF_TIMES", [3, 6]) @patch("defender.config.LOCKOUT_COOLOFF_TIMES", [3, 6])
@patch("defender.config.USERNAME_FAILURE_LIMIT", 3) @patch("defender.config.FAILURE_LIMIT", 3)
def test_lockout_cooloff_correctly_scales_with_username_when_set(self): def test_lockout_cooloff_correctly_scales_with_username_when_set(self):
self.test_username_failure_limit() self.test_username_failure_limit()
self.assertTrue(AccessAttempt.objects.filter(
Q(attempt_time__gte=datetime.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION)) &
Q(username=VALID_USERNAME)
).count() >= 3)
self.assertEqual(utils.get_lockout_cooloff_time(username=VALID_USERNAME), 3) self.assertEqual(utils.get_lockout_cooloff_time(username=VALID_USERNAME), 3)
utils.reset_failed_attempts(username=VALID_USERNAME) utils.reset_failed_attempts(username=VALID_USERNAME)
self.test_username_failure_limit() self.test_username_failure_limit()
self.assertTrue(AccessAttempt.objects.filter(
Q(attempt_time__gte=datetime.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION)) &
Q(username=VALID_USERNAME)
).count() >= 6)
self.assertEqual(utils.get_lockout_cooloff_time(username=VALID_USERNAME), 6) self.assertEqual(utils.get_lockout_cooloff_time(username=VALID_USERNAME), 6)
time.sleep(config.LOCKOUT_COOLOFF_TIMES[1]) time.sleep(config.LOCKOUT_COOLOFF_TIMES[1])
if config.MOCK_REDIS: if config.MOCK_REDIS:
@ -993,6 +979,18 @@ class AccessAttemptTest(DefenderTestCase):
get_redis_connection().do_expire() # pragma: no cover get_redis_connection().do_expire() # pragma: no cover
self.test_valid_login() self.test_valid_login()
@patch("defender.config.STORE_ACCESS_ATTEMPTS", False)
def test_get_approx_account_lockouts_from_login_attempts_auto_return_zero_pt1(self):
self.assertEqual(get_approx_account_lockouts_from_login_attempts(ip_address="127.0.0.1"), 0)
def test_get_approx_account_lockouts_from_login_attempts_auto_return_zero_pt2(self):
self.assertEqual(get_approx_account_lockouts_from_login_attempts(), 0)
@patch("defender.config.DISABLE_IP_LOCKOUT", True)
def test_get_approx_account_lockouts_from_login_attempts_auto_return_zero_pt1(self):
with self.assertRaises(Exception):
get_approx_account_lockouts_from_login_attempts(ip_address="127.0.0.1")
class SignalTest(DefenderTestCase): class SignalTest(DefenderTestCase):
""" Test that signals are properly sent when blocking usernames and IPs. """ Test that signals are properly sent when blocking usernames and IPs.

2
defender/utils.py
View file

@ -206,6 +206,8 @@ def get_user_attempts(request, get_username=get_username_from_request, username=
return max(ip_count, username_count) return max(ip_count, username_count)
def get_lockout_cooloff_time(ip_address=None, username=None): def get_lockout_cooloff_time(ip_address=None, username=None):
if not config.LOCKOUT_COOLOFF_TIMES:
return 0
index = max(0, min( index = max(0, min(
len(config.LOCKOUT_COOLOFF_TIMES) - 1, len(config.LOCKOUT_COOLOFF_TIMES) - 1,
get_approx_account_lockouts_from_login_attempts(ip_address, username) - 1 get_approx_account_lockouts_from_login_attempts(ip_address, username) - 1