Commit graph

162 commits

Author SHA1 Message Date
Jannis Leidel
ed857f7481
Run lints and other checks. (#149) 2019-11-25 11:11:57 +01:00
Jannis Leidel
68d0b41ee5
Use setuptools-scm. 2019-11-24 15:14:12 +01:00
Aleksi Häkli
a1d526f318
PEP8 formatting (#147)
Run black with Python 2.7 as target version
to unify the code styling and make it more
linter and style guide compliant
2019-11-15 20:22:14 +02:00
horida
ce95906488 send user/ip blocked signal only once 2019-09-16 08:47:35 -04:00
horida
fcfa88d679 Add unblock signals 2019-09-08 10:05:04 -04:00
Chris Ledet
7ca76bb975 Add and test support for Django 2.2 2019-05-30 08:34:42 -04:00
fr0mhell
7400a4945f Feature update Python and Django versions (#126)
* remove Python 3.3
* remove Django 1.8-1.10
* add Celery v4
* update travis config
* update admin URL
* replace MIDDLEWARE_CLASSES with MIDDLEWARE
2019-01-29 07:50:02 -05:00
Andrei Baryshnikov
3031deb761 Add possibility to use custom utils.get_username_from_request function (#122)
* Add `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting

This setting allows overriding the default `get_username_from_request`
function.

* Add `get_username` argument to `watch_login`

To be able to propagate this argument to other utils functions calls

* Minor code-style fixes

* Add example of use of `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting

* Update docs
2018-05-29 10:32:08 -04:00
Jaimie Imrie
066dd238c8 Added ssl option when instantiating StrictRedis (#120) 2018-04-10 18:57:45 -04:00
William Boman
250c4d5388 add 2 new setting variables for more granular failure limit control (#113) 2018-04-10 09:22:51 -04:00
William Boman
b546224372 send signals when blocking username or ip (#114) 2018-04-10 09:21:37 -04:00
Ken Cochrane
fcfcd53076
Move mockredis to test requirements. replaces #115 (#119)
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
2018-02-20 09:34:14 -05:00
Cobus Carstens
5aa69bac96 Only use the username if it is actually provided (#112)
* Only use the username if it is actually provided

* Test that unspecified usernames cannot be blocked

* Added test to prevent Coveralls from complaining about a coverage regression.
2018-02-01 06:30:26 -05:00
William Boman
2b6374f1da utils: add username kwarg for providing username directly rather than via callback arg (#107) 2018-02-01 06:27:38 -05:00
Sophie Wirth
cde53c5315 replace django.core.urlresolvers with django.urls to appease Django2.… (#106)
* replace django.core.urlresolvers with django.urls to appease Django2.0 deprecations
* add try except block around imports for older version support
* add correct django version in setup.py install_reqs
2017-12-11 13:52:50 -05:00
cburger
b2490e4e4c Correctly get raw client when using django_redis cache. (#104) 2017-10-27 09:38:11 -04:00
ruthus18
7c6a7d2b93 Update regex for 'unblock_username_view'. (#100)
The reason why we need to handle almost all special symbols is in cases when username is like 'some!username'

Issue: #76
2017-08-31 11:12:14 -04:00
Teemu N
db7a9001db Middleware fix for django >= 1.10 (#93)
Fixes the `TypeError: object.__init__() takes no parameters` that happens with the new MIDDLEWARE that is new in django 1.10
2017-07-04 13:23:28 -04:00
Mattia Procopio
85817fd278 Force the username to lowercase (#90) 2017-07-01 09:24:51 -04:00
Ken Cochrane
4d9adc35c2 Cleanup the code to remove lint warnings (#87)
* Cleanup the code to remove lint warnings

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>

* Fixed typo

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2017-06-28 17:09:44 -04:00
Mattia Procopio
b985d17beb Allow decoration of functions beyond the admin login (#86)
* Allow decoration of functions beyond the admin login

* Exclude tests file from coverage

* Allow installing django 1.11

* Add python 3.6 for testing
2017-06-26 12:23:23 -04:00
Francisco Rivera
d2b712eade Taking redis client from django.core.cache (#82)
* new setting that point to an already configured redis client

* taking redis client from django cache setting

* adding informative exception

* dropping django 1.6 support

* dropping django 1.7 support

* adding tests

* removing old coverage stuff + pep8 fixes

* ups, wrong package

* supporting multiple backends

* adding documentation

* dropping python 2.6 support
2017-06-24 19:17:15 -04:00
Israel Saeta Pérez
a59cbca0f6 Add support for Django 1.11 (#79) 2017-06-12 19:10:03 -04:00
Israel Saeta Pérez
69db1cfb70 Allow usernames with plus signs in unblock view (#77)
This fixes bug #GH76 where an exception like

```
Reverse for 'defender_unblock_username_view' with arguments '(u'user+test@domain.tld',)' and keyword arguments '{}' not found. 1 pattern(s) tried: [u'admin/defender/blocks/username/(?P[A-Za-z0-9-._@]+)/unblock$']
```

was raised when trying to access the `/admin/defender/blocks/` URL when a user with a plus sign had been locked out.
2017-06-10 10:39:19 -04:00
Ken Cochrane
c4f3a61036 Bump for 0.4.3 release (#74)
* Bump for 0.4.3 release

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>

* updated travis dependencies and fixed issue with 1.10,1.11 tests

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>

* Added travis settings

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>

* Revert django 1.11 support

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
2017-04-14 18:30:58 -04:00
Jakub Kuszneruk
079c897203 Example djangorestframework auth method
- sample authentication method described in README
piggyback:
- typo in lockout.html
2017-03-21 11:03:42 -04:00
Jakub Kuszneruk
cd0a22c1c5 [#70] get username from request is more flexible
- Every function which loads username from request has the optional parameter: get_username
piggyback:
- removed redefinition of USERNAME_FORM_FIELD from defender.config
2017-03-10 20:04:45 +01:00
Karimov Dmitriy
32f60c3f8b Add test_disable_username_lockout 2016-06-20 13:36:02 +05:00
Karimov Dmitriy
d85752970b Add DEFENDER_DISABLE_USERNAME_LOCKOUT 2016-06-20 09:20:47 +05:00
Ken Cochrane
f5b40a1820 Merge pull request #56 from kencochrane/remove_admin_filter
removing the django admin filter for username
2016-05-27 14:13:02 -04:00
Ken Cochrane
57a069bc61 Merge pull request #58 from mrbaboon/patch-1
Fix DataError on login
2016-05-27 14:12:32 -04:00
Ken Cochrane
1a105a6604 Merge pull request #59 from btoueg/patch-1
Fix for usernames with capital letters
2016-05-27 14:12:16 -04:00
Benjamin Toueg
7fc366e4ca Fix for usernames with capital letters 2016-05-13 16:37:22 +02:00
Alex White
9209f0579f Fix DataError on login
A watched login failure causes a 500 saving a 256 character long username into the login attempts.  Conditionally slice it to fit AccessAttempt
2016-05-11 14:07:50 -07:00
Eric Buckley
2913b5f38b making urlpatterns a plain list
as of Django 1.8, creating urlpatterns with the
`django.conf.urls.patterns` function became deprecated and will be
removed in 1.10.

https://docs.djangoproject.com/en/1.8/ref/urls/#patterns
2016-04-19 21:09:26 -07:00
Ken Cochrane
9cef057520 removing the django admin filter for username 2016-02-09 12:11:06 -05:00
Vladimir Bolshakov
2ce4e16979 Use url method instead of patterns in test URLs setup. 2016-02-01 19:09:59 +03:00
Vladimir Bolshakov
23a690395c Use render shortcut instead of render_to_response. 2016-02-01 19:09:28 +03:00
Vladimir Bolshakov
c3495605ea Fix testing of failed login redirect to URL for Django 1.9.
Location header in redirect can be relative URL from Django 1.9.
2016-02-01 19:08:54 +03:00
Vladimir Bolshakov
948877c156 Fix formatting. 2016-02-01 19:07:16 +03:00
Vladimir Bolshakov
f4e0ddc032 assertEquals -> assertEqual 2016-02-01 19:06:38 +03:00
Vladimir Bolshakov
44c8746d8c Templates settings as recommended from Django 1.8 2016-02-01 19:05:17 +03:00
bc Wong
831bb299f9 Always define the task to store login attempt
Adding function definitions based on config values makes testing hard.
The task function is always there, and we choose to call it depending on
config during runtime.
2016-01-24 17:28:20 -08:00
bc Wong
f9047162d4 Add helpers that do not assume how to retrieve username
The `is_already_locked` method assumes how the username is stored in the
request. This patch adds helpers that don't to allow for more flexible
implementation.
2016-01-24 09:41:43 -08:00
Ken Cochrane
6b91730722 cleanup the boolean logic around is_already_locked() 2015-10-23 15:00:56 -04:00
Ken Cochrane
6e2ea2b94a fix compatibility issues with python 2.6, and disable testing on django versions 1.6.x and 1.7.x on python 3.5 2015-10-22 13:37:41 -04:00
Ken Cochrane
cc45409078 fixed pep8 issues 2015-10-21 16:44:12 -04:00
Ken Cochrane
64c5684c12 Added so that you can disable IP lockouts if you want 2015-10-21 16:33:08 -04:00
nephridium
64736040af Remove obsolete comments 2015-06-29 18:42:09 +08:00
nephridium
a3207d582a Add tests for utils get_blocked_ips() and get_blocked_usernames() 2015-06-29 18:33:33 +08:00
nephridium
67ebb8edff Make key_list read from redis Python 3 compatible
Converts from bytes to string using .decode('utf-8')
2015-06-26 22:17:50 +08:00
Alex White
319027c1e6 Fix line length meet PEP8 2015-04-21 16:24:01 -07:00
Alex White
b583f6f54f Add combined username & ip tests 2015-04-21 15:22:29 -07:00
Alex White
793720a189 Handle evaluating combined IP and username lockouts based on settings 2015-04-21 15:22:17 -07:00
Alex White
c8da36cadb Add boolean to allow locking out by username & ip address combined 2015-04-21 15:21:29 -07:00
Ken Cochrane
a99bcdfc63 renamed the file to the correct name 2015-03-24 15:27:57 -04:00
Ken Cochrane
fb095e4ca9 cleaned up some landscape.io warnings 2015-03-20 11:09:45 -04:00
Ken Cochrane
8ef0420b23 added management command 2015-03-20 10:10:07 -04:00
Ken Cochrane
47d6a71825 fixed issues #15 #35 and #36, added way to clean up access attempt table, as well as an option to not login attempts. Also speed up django admin pages 2015-03-20 10:09:39 -04:00
Ken Cochrane
ea7a8cde06 bumped the django versions on travis, and added a fix to get_ip() 2015-02-25 10:03:05 -05:00
Ken Cochrane
fd4f58a20c took marcus's advice and used the built in django validator 2015-02-24 22:02:06 -05:00
Ken Cochrane
2f6afbdb6e added ipv6 addresses to the test, and updated the ipv6 regex to something that worked better 2015-02-24 21:52:10 -05:00
Ken Cochrane
9c50d8e833 added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 18:16:08 -05:00
Ken Cochrane
88c388ec42 add a fix so that we don't block an empty IP or username 2015-02-01 10:17:10 -05:00
Ken Cochrane
87945f97ee fixing an issue @jlhawn found, we should only block if we are over the limit 2015-01-29 20:02:35 -05:00
Ken Cochrane
389ae2d91f locked down the defender views 2015-01-29 08:22:29 -05:00
Ken Cochrane
d0a23a71ba updated lockout.html template 2015-01-29 08:15:38 -05:00
Ken Cochrane
130f696a7e added new context variable to lockout template 2015-01-29 08:10:19 -05:00
Ken Cochrane
b50b05f1d2 Merge branch 'master' into new-admin 2015-01-28 20:21:41 -05:00
Ken Cochrane
12698d7d54 finished working on the defender admin, cleaned some stuff up, added some notes and screenshots 2015-01-28 20:19:16 -05:00
Ken Cochrane
db3eea99cc initial commit, adding admin pages to manage blocked users 2015-01-27 18:06:56 -05:00
Ken Cochrane
a6eb683ea1 more cleanup 2015-01-26 10:56:25 -05:00
Ken Cochrane
333fb2d8ec cleaned up a little remove the ViewDecoratorMiddleware 2015-01-25 22:48:02 -05:00
Marcus Martins
95eac511eb Provide helper TestCases to be used with Defender
Provide TransactionTestCase and TestCase that clear the
defender cache between runs.
2015-01-12 13:28:33 -08:00
Marcus Martins
103e29a437 Add compatibility for python 2.6 2015-01-12 09:53:40 -08:00
Marcus Martins
351148b239 refactor is_already_locked and add better test coverage
Simplify the is_already_locked code and make sure
that we're testing that code better.
2015-01-12 09:42:38 -08:00
Marcus Martins
d72e32cfc1 Allow redis connections to be mocked outside tests
Use a mocked instance of redis outside tests so we can use it
on django projects.
2015-01-08 12:56:33 -08:00
Marcus Martins
345077725d Add support for migrations under South and Django 1.7 2015-01-05 18:40:29 -08:00
Marcus Martins
43d91ef694 Fix tests for Django 1.7 2015-01-05 17:47:57 -08:00
Marcus Martins
0454bf741a Adding unicode support for python3 2015-01-05 17:20:24 -08:00
Ken Cochrane
8f8682c48f fixed issue with python3 2015-01-03 16:50:51 -05:00
Ken Cochrane
92c378bf68 Add Celery option for writing to database 2015-01-03 16:33:51 -05:00
Ken Cochrane
1c56b279cd missing file in last commit 2015-01-03 11:11:08 -05:00
Ken Cochrane
a7bc8c0d55 added landscape.io and some fixes it found 2015-01-03 11:09:30 -05:00
Ken Cochrane
7e32eacd97 moved a config out of middleware into config and also updated README 2015-01-03 10:34:19 -05:00
Joffrey F
48d45a0367 Use pipelines for atomic transactions 2015-01-02 16:09:24 -08:00
Ken Cochrane
95e8ccf088 Merge pull request #10 from shin-/master
Admin and middleware tests
2015-01-02 18:54:13 -05:00
Joffrey F
59fed5fc8a python3 fix 2015-01-02 15:31:09 -08:00
Joffrey F
1b63b657a1 test_get_view for 100% coverage 2015-01-02 15:29:26 -08:00
Joffrey F
465e45a124 Admin and middleware tests 2015-01-02 15:15:34 -08:00
Ken Cochrane
649cc33c68 Merge pull request #9 from shin-/master
Improved utils coverage
2015-01-02 16:38:06 -05:00
Joffrey F
08bb7d12fb Fixed get_user_attempts() and unit tests 2015-01-02 13:26:43 -08:00
Ken Cochrane
34060b1eb1 added one more unit test, and added a coverage ignore to a line 2015-01-02 16:10:12 -05:00
Joffrey F
a6ac9a1e67 Improved utils coverage 2015-01-02 13:09:31 -08:00
Ken Cochrane
6f0f5c26f2 added more unit tests 2015-01-02 16:02:09 -05:00
Ken Cochrane
e0393bb2eb added unit test for custom lockout template 2015-01-02 15:43:38 -05:00
Joffrey F
70fa41ff0d Ensure we don't break when cooloff time is 0 ('permanent' lock) 2015-01-02 12:12:57 -08:00
Joffrey F
6e4e450dce Fixed redis mocking in tests 2015-01-02 11:27:29 -08:00
Ken Cochrane
aa934d7af4 improvements to coverage, and added pypy3 testing 2015-01-01 13:50:19 -05:00
Ken Cochrane
98f3a3c776 minor cleanup 2015-01-01 13:40:05 -05:00