* FIX: if special character in redis password, we can set DEFENDER_REDIS_PASSWORD_QUOTE to True, and use quote password
* MOD:add test cases with password_quota = True
* Add `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting
This setting allow to override default `get_username_from_request`
function.
* Add `get_username` argument to `watch_login`
To be able to propagate this argument to other utils functions calls
* Minor code-style fixes
* Add example of use of `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting
* Update docs
* Only use the username if it is actually provided
* Test that unspecified usernames cannot be blocked
* Added test to prevent Coveralls from complaining about a coverage regression.
* replace django.core.urlresolvers with django.urls to appeace Django2.0 deprecations
* add try except block around imports for older version support
* add correct django version in setup.py install_reqs
* Cleanup the code to remove lint warnings
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
* Fixed typo
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
This fixes bug #GH76 where an exception like
```
Reverse for 'defender_unblock_username_view' with arguments '(u'user+test@domain.tld',)' and keyword arguments '{}' not found. 1 pattern(s) tried: [u'admin/defender/blocks/username/(?P[A-Za-z0-9-._@]+)/unblock$']
```
was raised when trying to access the `/admin/defender/blocks/` URL when a user with a plus sign had been locked out.
* Bump for 0.4.3 release
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
* updated travis dependencies and fixed issue with 1.10,1.11 tests
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
* Added travis settings
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
* Revert django 1.11 support
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
- Every function which loads username from request has the optional paramter: get_username
piggyback:
- removed redefinition of USERNAME_FORM_FIELD from defender.config
Adding function definitions based on config values makes testing hard.
The task function is always there, and we choose to call it depending on
config during runtime.
The `is_already_locked` method assumes how the username is stored in the
request. This patch adds helpers that don't to allow for more flexible
implementation.
