Hopiu/django-defender
1
0
Fork 0
mirror of https://github.com/jazzband/django-defender.git synced 2026-03-16 22:10:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

cleaned up some landscape.io warnings

Browse source
This commit is contained in:
Ken Cochrane 2015-03-20 11:09:45 -04:00
parent 8ef0420b23
commit fb095e4ca9
6 changed files with 64 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
defender/connection.py
View file

@ -11,13 +11,13 @@ from . import config
urlparse.uses_netloc.append("redis") urlparse.uses_netloc.append("redis")
mocked_redis = mockredis.mock_strict_redis_client() MOCKED_REDIS = mockredis.mock_strict_redis_client()
def get_redis_connection(): def get_redis_connection():
""" Get the redis connection if not using mock """ """ Get the redis connection if not using mock """
if config.MOCK_REDIS: # pragma: no cover if config.MOCK_REDIS: # pragma: no cover
return mocked_redis # pragma: no cover return MOCKED_REDIS # pragma: no cover
else: # pragma: no cover else: # pragma: no cover
redis_config = parse_redis_url(config.DEFENDER_REDIS_URL) redis_config = parse_redis_url(config.DEFENDER_REDIS_URL)
return redis.StrictRedis( return redis.StrictRedis(
@ -31,7 +31,7 @@ def parse_redis_url(url):
"""Parses a redis URL.""" """Parses a redis URL."""
# create config with some sane defaults # create config with some sane defaults
config = { redis_config = {
"DB": 0, "DB": 0,
"PASSWORD": None, "PASSWORD": None,
"HOST": "localhost", "HOST": "localhost",
@ -39,7 +39,7 @@ def parse_redis_url(url):
} }
if not url: if not url:
return config return redis_config
url = urlparse.urlparse(url) url = urlparse.urlparse(url)
# Remove query strings. # Remove query strings.
@ -47,12 +47,12 @@ def parse_redis_url(url):
path = path.split('?', 2)[0] path = path.split('?', 2)[0]
if path: if path:
config.update({"DB": int(path)}) redis_config.update({"DB": int(path)})
if url.password: if url.password:
config.update({"PASSWORD": url.password}) redis_config.update({"PASSWORD": url.password})
if url.hostname: if url.hostname:
config.update({"HOST": url.hostname}) redis_config.update({"HOST": url.hostname})
if url.port: if url.port:
config.update({"PORT": int(url.port)}) redis_config.update({"PORT": int(url.port)})
return config return redis_config

1
defender/management/commands/cleanup_django_axes.py
View file

@ -1,3 +1,4 @@
from __future__ import print_function
from datetime import timedelta from datetime import timedelta
from django.core.management.base import BaseCommand from django.core.management.base import BaseCommand

18
defender/tests.py
View file

@ -253,7 +253,7 @@ class AccessAttemptTest(DefenderTestCase):
self.test_failure_limit_by_ip_once() self.test_failure_limit_by_ip_once()
# Reset the ip so we can try again # Reset the ip so we can try again
utils.reset_failed_attempts(ip='127.0.0.1') utils.reset_failed_attempts(ip_address='127.0.0.1')
# Make a login attempt again # Make a login attempt again
self.test_valid_login() self.test_valid_login()
@ -550,13 +550,13 @@ class DefenderTestCaseTest(DefenderTestCase):
key = 'test_key' key = 'test_key'
def test_first_incr(self): def test_first_incr(self):
utils.redis_server.incr(self.key) utils.REDIS_SERVER.incr(self.key)
result = int(utils.redis_server.get(self.key)) result = int(utils.REDIS_SERVER.get(self.key))
self.assertEqual(result, 1) self.assertEqual(result, 1)
def test_second_incr(self): def test_second_incr(self):
utils.redis_server.incr(self.key) utils.REDIS_SERVER.incr(self.key)
result = int(utils.redis_server.get(self.key)) result = int(utils.REDIS_SERVER.get(self.key))
self.assertEqual(result, 1) self.assertEqual(result, 1)
@ -565,11 +565,11 @@ class DefenderTransactionTestCaseTest(DefenderTransactionTestCase):
key = 'test_key' key = 'test_key'
def test_first_incr(self): def test_first_incr(self):
utils.redis_server.incr(self.key) utils.REDIS_SERVER.incr(self.key)
result = int(utils.redis_server.get(self.key)) result = int(utils.REDIS_SERVER.get(self.key))
self.assertEqual(result, 1) self.assertEqual(result, 1)
def test_second_incr(self): def test_second_incr(self):
utils.redis_server.incr(self.key) utils.REDIS_SERVER.incr(self.key)
result = int(utils.redis_server.get(self.key)) result = int(utils.REDIS_SERVER.get(self.key))
self.assertEqual(result, 1) self.assertEqual(result, 1)

4
defender/urls.py
View file

@ -1,11 +1,11 @@
from django.conf.urls import patterns, url from django.conf.urls import patterns, url
from views import block_view, unblock_ip_view, unblock_username_view from .views import block_view, unblock_ip_view, unblock_username_view
urlpatterns = patterns( urlpatterns = patterns(
'', '',
url(r'^blocks/$', block_view, url(r'^blocks/$', block_view,
name="defender_blocks_view"), name="defender_blocks_view"),
url(r'^blocks/ip/(?P<ip>[a-z0-9-._]+)/unblock$', unblock_ip_view, url(r'^blocks/ip/(?P<ip_address>[a-z0-9-._]+)/unblock$', unblock_ip_view,
name="defender_unblock_ip_view"), name="defender_unblock_ip_view"),
url(r'^blocks/username/(?P<username>[a-z0-9-._@]+)/unblock$', url(r'^blocks/username/(?P<username>[a-z0-9-._@]+)/unblock$',
unblock_username_view, unblock_username_view,

82
defender/utils.py
View file

@ -11,9 +11,9 @@ from .connection import get_redis_connection
from . import config from . import config
from .data import store_login_attempt from .data import store_login_attempt
redis_server = get_redis_connection() REDIS_SERVER = get_redis_connection()
log = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
def is_valid_ip(ip_address): def is_valid_ip(ip_address):
@ -33,25 +33,25 @@ def get_ip_address_from_request(request):
the loopback """ the loopback """
remote_addr = request.META.get('REMOTE_ADDR', '') remote_addr = request.META.get('REMOTE_ADDR', '')
if remote_addr and is_valid_ip(remote_addr): if remote_addr and is_valid_ip(remote_addr):
return remote_addr.strip() return remote_addr.strip()
return '127.0.0.1' return '127.0.0.1'
def get_ip(request): def get_ip(request):
""" get the ip address from the request """ """ get the ip address from the request """
if config.BEHIND_REVERSE_PROXY: if config.BEHIND_REVERSE_PROXY:
ip = request.META.get(config.REVERSE_PROXY_HEADER, '') ip_address = request.META.get(config.REVERSE_PROXY_HEADER, '')
ip = ip.split(",", 1)[0].strip() ip_address = ip_address.split(",", 1)[0].strip()
if ip == '': if ip_address == '':
ip = get_ip_address_from_request(request) ip_address = get_ip_address_from_request(request)
else: else:
ip = get_ip_address_from_request(request) ip_address = get_ip_address_from_request(request)
return ip return ip_address
def get_ip_attempt_cache_key(ip): def get_ip_attempt_cache_key(ip_address):
""" get the cache key by ip """ """ get the cache key by ip """
return "{0}:failed:ip:{1}".format(config.CACHE_PREFIX, ip) return "{0}:failed:ip:{1}".format(config.CACHE_PREFIX, ip_address)
def get_username_attempt_cache_key(username): def get_username_attempt_cache_key(username):
@ -59,9 +59,9 @@ def get_username_attempt_cache_key(username):
return "{0}:failed:username:{1}".format(config.CACHE_PREFIX, username) return "{0}:failed:username:{1}".format(config.CACHE_PREFIX, username)
def get_ip_blocked_cache_key(ip): def get_ip_blocked_cache_key(ip_address):
""" get the cache key by ip """ """ get the cache key by ip """
return "{0}:blocked:ip:{1}".format(config.CACHE_PREFIX, ip) return "{0}:blocked:ip:{1}".format(config.CACHE_PREFIX, ip_address)
def get_username_blocked_cache_key(username): def get_username_blocked_cache_key(username):
@ -88,20 +88,20 @@ def strip_keys(key_list):
def get_blocked_ips(): def get_blocked_ips():
""" get a list of blocked ips from redis """ """ get a list of blocked ips from redis """
key = get_ip_blocked_cache_key("*") key = get_ip_blocked_cache_key("*")
key_list = redis_server.keys(key) key_list = REDIS_SERVER.keys(key)
return strip_keys(key_list) return strip_keys(key_list)
def get_blocked_usernames(): def get_blocked_usernames():
""" get a list of blocked usernames from redis """ """ get a list of blocked usernames from redis """
key = get_username_blocked_cache_key("*") key = get_username_blocked_cache_key("*")
key_list = redis_server.keys(key) key_list = REDIS_SERVER.keys(key)
return strip_keys(key_list) return strip_keys(key_list)
def increment_key(key): def increment_key(key):
""" given a key increment the value """ """ given a key increment the value """
pipe = redis_server.pipeline() pipe = REDIS_SERVER.pipeline()
pipe.incr(key, 1) pipe.incr(key, 1)
if config.COOLOFF_TIME: if config.COOLOFF_TIME:
pipe.expire(key, config.COOLOFF_TIME) pipe.expire(key, config.COOLOFF_TIME)
@ -112,18 +112,18 @@ def increment_key(key):
def get_user_attempts(request): def get_user_attempts(request):
""" Returns number of access attempts for this ip, username """ Returns number of access attempts for this ip, username
""" """
ip = get_ip(request) ip_address = get_ip(request)
username = request.POST.get(config.USERNAME_FORM_FIELD, None) username = request.POST.get(config.USERNAME_FORM_FIELD, None)
# get by IP # get by IP
ip_count = redis_server.get(get_ip_attempt_cache_key(ip)) ip_count = REDIS_SERVER.get(get_ip_attempt_cache_key(ip_address))
if not ip_count: if not ip_count:
ip_count = 0 ip_count = 0
ip_count = int(ip_count) ip_count = int(ip_count)
# get by username # get by username
username_count = redis_server.get(get_username_attempt_cache_key(username)) username_count = REDIS_SERVER.get(get_username_attempt_cache_key(username))
if not username_count: if not username_count:
username_count = 0 username_count = 0
username_count = int(username_count) username_count = int(username_count)
@ -132,16 +132,16 @@ def get_user_attempts(request):
return max(ip_count, username_count) return max(ip_count, username_count)
def block_ip(ip): def block_ip(ip_address):
""" given the ip, block it """ """ given the ip, block it """
if not ip: if not ip_address:
# no reason to continue when there is no ip # no reason to continue when there is no ip
return return
key = get_ip_blocked_cache_key(ip) key = get_ip_blocked_cache_key(ip_address)
if config.COOLOFF_TIME: if config.COOLOFF_TIME:
redis_server.set(key, 'blocked', config.COOLOFF_TIME) REDIS_SERVER.set(key, 'blocked', config.COOLOFF_TIME)
else: else:
redis_server.set(key, 'blocked') REDIS_SERVER.set(key, 'blocked')
def block_username(username): def block_username(username):
@ -151,23 +151,23 @@ def block_username(username):
return return
key = get_username_blocked_cache_key(username) key = get_username_blocked_cache_key(username)
if config.COOLOFF_TIME: if config.COOLOFF_TIME:
redis_server.set(key, 'blocked', config.COOLOFF_TIME) REDIS_SERVER.set(key, 'blocked', config.COOLOFF_TIME)
else: else:
redis_server.set(key, 'blocked') REDIS_SERVER.set(key, 'blocked')
def record_failed_attempt(ip, username): def record_failed_attempt(ip_address, username):
""" record the failed login attempt, if over limit return False, """ record the failed login attempt, if over limit return False,
if not over limit return True """ if not over limit return True """
# increment the failed count, and get current number # increment the failed count, and get current number
ip_count = increment_key(get_ip_attempt_cache_key(ip)) ip_count = increment_key(get_ip_attempt_cache_key(ip_address))
user_count = increment_key(get_username_attempt_cache_key(username)) user_count = increment_key(get_username_attempt_cache_key(username))
ip_block = False ip_block = False
user_block = False user_block = False
# if either are over the limit, add to block # if either are over the limit, add to block
if ip_count > config.FAILURE_LIMIT: if ip_count > config.FAILURE_LIMIT:
block_ip(ip) block_ip(ip_address)
ip_block = True ip_block = True
if user_count > config.FAILURE_LIMIT: if user_count > config.FAILURE_LIMIT:
block_username(username) block_username(username)
@ -176,15 +176,15 @@ def record_failed_attempt(ip, username):
return not (ip_block or user_block) return not (ip_block or user_block)
def unblock_ip(ip, pipe=None): def unblock_ip(ip_address, pipe=None):
""" unblock the given IP """ """ unblock the given IP """
do_commit = False do_commit = False
if not pipe: if not pipe:
pipe = redis_server.pipeline() pipe = REDIS_SERVER.pipeline()
do_commit = True do_commit = True
if ip: if ip_address:
pipe.delete(get_ip_attempt_cache_key(ip)) pipe.delete(get_ip_attempt_cache_key(ip_address))
pipe.delete(get_ip_blocked_cache_key(ip)) pipe.delete(get_ip_blocked_cache_key(ip_address))
if do_commit: if do_commit:
pipe.execute() pipe.execute()
@ -193,7 +193,7 @@ def unblock_username(username, pipe=None):
""" unblock the given Username """ """ unblock the given Username """
do_commit = False do_commit = False
if not pipe: if not pipe:
pipe = redis_server.pipeline() pipe = REDIS_SERVER.pipeline()
do_commit = True do_commit = True
if username: if username:
pipe.delete(get_username_attempt_cache_key(username)) pipe.delete(get_username_attempt_cache_key(username))
@ -202,12 +202,12 @@ def unblock_username(username, pipe=None):
pipe.execute() pipe.execute()
def reset_failed_attempts(ip=None, username=None): def reset_failed_attempts(ip_address=None, username=None):
""" reset the failed attempts for these ip's and usernames """ reset the failed attempts for these ip's and usernames
""" """
pipe = redis_server.pipeline() pipe = REDIS_SERVER.pipeline()
unblock_ip(ip, pipe=pipe) unblock_ip(ip_address, pipe=pipe)
unblock_username(username, pipe=pipe) unblock_username(username, pipe=pipe)
pipe.execute() pipe.execute()
@ -241,7 +241,7 @@ def is_already_locked(request):
username = request.POST.get(config.USERNAME_FORM_FIELD, None) username = request.POST.get(config.USERNAME_FORM_FIELD, None)
# ip blocked? # ip blocked?
ip_blocked = redis_server.get(get_ip_blocked_cache_key(ip_address)) ip_blocked = REDIS_SERVER.get(get_ip_blocked_cache_key(ip_address))
if not ip_blocked: if not ip_blocked:
ip_blocked = False ip_blocked = False
@ -250,7 +250,7 @@ def is_already_locked(request):
return True return True
# username blocked? # username blocked?
user_blocked = redis_server.get(get_username_blocked_cache_key(username)) user_blocked = REDIS_SERVER.get(get_username_blocked_cache_key(username))
if user_blocked: if user_blocked:
return True return True
@ -265,7 +265,7 @@ def check_request(request, login_unsuccessful):
if not login_unsuccessful: if not login_unsuccessful:
# user logged in -- forget the failed attempts # user logged in -- forget the failed attempts
reset_failed_attempts(ip=ip_address, username=username) reset_failed_attempts(ip_address=ip_address, username=username)
return True return True
else: else:
# add a failed attempt for this user # add a failed attempt for this user

4
defender/views.py
View file

@ -22,10 +22,10 @@ def block_view(request):
@staff_member_required @staff_member_required
def unblock_ip_view(request, ip): def unblock_ip_view(request, ip_address):
""" upblock the given ip """ """ upblock the given ip """
if request.method == 'POST': if request.method == 'POST':
unblock_ip(ip) unblock_ip(ip_address)
return HttpResponseRedirect(reverse("defender_blocks_view")) return HttpResponseRedirect(reverse("defender_blocks_view"))