From bbe7687abdeed3d625c0436c343f9ad1e64f8a94 Mon Sep 17 00:00:00 2001 From: djmore4 Date: Tue, 11 Oct 2022 13:48:08 -0400 Subject: [PATCH] Added changes and fixed small bug --- CHANGES.rst | 2 ++ defender/utils.py | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index a2f7e20..2baa046 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,6 +3,8 @@ Changes ======= - Confirm support for Django 4.1 +- Add ``DEFENDER_ATTEMPT_COOLOFF_TIME`` config to override ``DEFENDER_COOLOFF_TIME`` specifically for attempt lifespan [@djmore4] +- Add ``DEFENDER_LOCKOUT_COOLOFF_TIME`` config to override ``DEFENDER_COOLOFF_TIME`` specifically for lockout duration [@djmore4] 0.9.5 ===== diff --git a/defender/utils.py b/defender/utils.py index 62da7f7..43b0584 100644 --- a/defender/utils.py +++ b/defender/utils.py @@ -1,3 +1,4 @@ +from ipaddress import ip_address import logging import re @@ -340,8 +341,10 @@ def reset_failed_attempts(ip_address=None, username=None): def lockout_response(request): """ if we are locked out, here is the response """ + ip_address = get_ip(request) + username = get_username_from_request(request) if config.LOCKOUT_TEMPLATE: - cooloff_time = get_lockout_cooloff_time(ip_address=get_ip(request), username=get_username_from_request(request)) + cooloff_time = get_lockout_cooloff_time(ip_address=ip_address, username=username) context = { "cooloff_time_seconds": cooloff_time, "cooloff_time_minutes": cooloff_time / 60, @@ -352,7 +355,7 @@ def lockout_response(request): if config.LOCKOUT_URL: return HttpResponseRedirect(config.LOCKOUT_URL) - if get_lockout_cooloff_time(): + if get_lockout_cooloff_time(ip_address=ip_address, username=username): return HttpResponse( "Account locked: too many login attempts. " "Please try again later." )