Added changes and fixed small bug

CHANGES.rst

@@ -3,6 +3,8 @@ Changes
 =======
 
 - Confirm support for Django 4.1
+- Add ``DEFENDER_ATTEMPT_COOLOFF_TIME`` config to override ``DEFENDER_COOLOFF_TIME`` specifically for attempt lifespan [@djmore4]
+- Add ``DEFENDER_LOCKOUT_COOLOFF_TIME`` config to override ``DEFENDER_COOLOFF_TIME`` specifically for lockout duration [@djmore4]
 
 0.9.5
 =====

defender/utils.py

@@ -1,3 +1,4 @@
+from ipaddress import ip_address
 import logging
 import re
 
@@ -340,8 +341,10 @@ def reset_failed_attempts(ip_address=None, username=None):
 
 def lockout_response(request):
     """ if we are locked out, here is the response """
+    ip_address = get_ip(request)
+    username = get_username_from_request(request)
     if config.LOCKOUT_TEMPLATE:
-        cooloff_time = get_lockout_cooloff_time(ip_address=get_ip(request), username=get_username_from_request(request))
+        cooloff_time = get_lockout_cooloff_time(ip_address=ip_address, username=username)
         context = {
             "cooloff_time_seconds": cooloff_time,
             "cooloff_time_minutes": cooloff_time / 60,
@@ -352,7 +355,7 @@ def lockout_response(request):
     if config.LOCKOUT_URL:
         return HttpResponseRedirect(config.LOCKOUT_URL)
 
-    if get_lockout_cooloff_time():
+    if get_lockout_cooloff_time(ip_address=ip_address, username=username):
         return HttpResponse(
             "Account locked: too many login attempts.  " "Please try again later."
         )