From 88c388ec421bf3d4db8656b700bb268343e96bca Mon Sep 17 00:00:00 2001 From: Ken Cochrane Date: Sun, 1 Feb 2015 10:17:10 -0500 Subject: [PATCH] add a fix so that we don't block an empty IP or username --- defender/tests.py | 3 ++- defender/utils.py | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/defender/tests.py b/defender/tests.py index 888db3d..5ec3927 100644 --- a/defender/tests.py +++ b/defender/tests.py @@ -21,7 +21,8 @@ from .test import DefenderTestCase, DefenderTransactionTestCase # Django >= 1.7 compatibility try: - LOGIN_FORM_KEY = '
' + LOGIN_FORM_KEY = '' ADMIN_LOGIN_URL = reverse('admin:login') except NoReverseMatch: ADMIN_LOGIN_URL = reverse('admin:index') diff --git a/defender/utils.py b/defender/utils.py index a7cd8b2..f0d66df 100644 --- a/defender/utils.py +++ b/defender/utils.py @@ -162,6 +162,9 @@ def get_user_attempts(request): def block_ip(ip): """ given the ip, block it """ + if not ip: + # no reason to continue when there is no ip + return key = get_ip_blocked_cache_key(ip) if config.COOLOFF_TIME: redis_server.set(key, 'blocked', config.COOLOFF_TIME) @@ -171,6 +174,9 @@ def block_ip(ip): def block_username(username): """ given the username block it. """ + if not username: + # no reason to continue when there is no username + return key = get_username_blocked_cache_key(username) if config.COOLOFF_TIME: redis_server.set(key, 'blocked', config.COOLOFF_TIME)