Hopiu/django-defender
1
0
Fork 0
mirror of https://github.com/jazzband/django-defender.git synced 2026-05-18 12:31:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
166 commits 4 branches 24 tags 794 KiB
Commit graph

90 commits

Author SHA1 Message Date
Israel Saeta Pérez
a59cbca0f6 Add support for Django 1.11 (#79) 2017-06-12 19:10:03 -04:00
Israel Saeta Pérez
69db1cfb70 Allow usernames with plus signs in unblock view (#77) 
This fixes bug #GH76 where an exception like

```
Reverse for 'defender_unblock_username_view' with arguments '(u'user+test@domain.tld',)' and keyword arguments '{}' not found. 1 pattern(s) tried: [u'admin/defender/blocks/username/(?P[A-Za-z0-9-._@]+)/unblock$']
```

was raised when trying to access the `/admin/defender/blocks/` URL when a user with a plus sign had been locked out.
 2017-06-10 10:39:19 -04:00
Ken Cochrane
c4f3a61036 Bump for 0.4.3 release (#74) 
* Bump for 0.4.3 release

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>

* updated travis dependencies and fixed issue with 1.10,1.11 tests

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>

* Added travis settings

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>

* Revert django 1.11 support

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
 2017-04-14 18:30:58 -04:00
Jakub Kuszneruk
079c897203 Example djangorestframework auth method 
- sample authentication method described in README
piggyback:
- typo in lockout.html
 2017-03-21 11:03:42 -04:00
Jakub Kuszneruk
cd0a22c1c5 [#70] get username from request is more flexible 
- Every function which loads username from request has the optional paramter: get_username
piggyback:
- removed redefinition of USERNAME_FORM_FIELD from defender.config
 2017-03-10 20:04:45 +01:00
Karimov Dmitriy
32f60c3f8b Add test_disable_username_lockout 2016-06-20 13:36:02 +05:00
Karimov Dmitriy
d85752970b Add DEFENDER_DISABLE_USERNAME_LOCKOUT 2016-06-20 09:20:47 +05:00
Ken Cochrane
f5b40a1820 Merge pull request #56 from kencochrane/remove_admin_filter 
removing the django admin filter for username
 2016-05-27 14:13:02 -04:00
Ken Cochrane
57a069bc61 Merge pull request #58 from mrbaboon/patch-1 
Fix DataError on login
 2016-05-27 14:12:32 -04:00
Ken Cochrane
1a105a6604 Merge pull request #59 from btoueg/patch-1 
Fix for usernames with capital letters
 2016-05-27 14:12:16 -04:00
Benjamin Toueg
7fc366e4ca Fix for usernames with capital letters 2016-05-13 16:37:22 +02:00
Alex White
9209f0579f Fix DataError on login 
A watched login failure causes a 500 saving a 256 character long username into the login attempts.  Conditionally slice it to fit AccessAttempt
 2016-05-11 14:07:50 -07:00
Eric Buckley
2913b5f38b making urlpatterns a plain list 
as of Django 1.8, creating urlpatterns with the
`django.conf.urls.patterns` function became deprecated and will be
removed in 1.10.

https://docs.djangoproject.com/en/1.8/ref/urls/#patterns
 2016-04-19 21:09:26 -07:00
Ken Cochrane
9cef057520 removing the django admin filter for username 2016-02-09 12:11:06 -05:00
Vladimir Bolshakov
2ce4e16979 Use url method instead of patterns in test URLs setup. 2016-02-01 19:09:59 +03:00
Vladimir Bolshakov
23a690395c Use render shortcut instead of render_to_response. 2016-02-01 19:09:28 +03:00
Vladimir Bolshakov
c3495605ea Fix testing of failed login redirect to URL for Django 1.9. 
Location header in redirect can be relative URL from Django 1.9.
 2016-02-01 19:08:54 +03:00
Vladimir Bolshakov
948877c156 Fix formatting. 2016-02-01 19:07:16 +03:00
Vladimir Bolshakov
f4e0ddc032 assertEquals -> assertEqual 2016-02-01 19:06:38 +03:00
Vladimir Bolshakov
44c8746d8c Templates settings as recommended from Django 1.8 2016-02-01 19:05:17 +03:00
bc Wong
831bb299f9 Always define the task to store login attempt 
Adding function definitions based on config values makes testing hard.
The task function is always there, and we choose to call it depending on
config during runtime.
 2016-01-24 17:28:20 -08:00
bc Wong
f9047162d4 Add helpers that do not assume how to retrieve username 
The `is_already_locked` method assumes how the username is stored in the
request. This patch adds helpers that don't to allow for more flexible
implementation.
 2016-01-24 09:41:43 -08:00
Ken Cochrane
6b91730722 cleanup the boolean logic around is_already_locked() 2015-10-23 15:00:56 -04:00
Ken Cochrane
6e2ea2b94a fix compatibility issues with python 2.6, and disable testing on django versions 1.6.x and 1.7.x on python 3.5 2015-10-22 13:37:41 -04:00
Ken Cochrane
cc45409078 fixed pep8 issues 2015-10-21 16:44:12 -04:00
Ken Cochrane
64c5684c12 Added so that you can disable IP lockouts if you want 2015-10-21 16:33:08 -04:00
nephridium
64736040af Remove obsolete comments 2015-06-29 18:42:09 +08:00
nephridium
a3207d582a Add tests for utils get_blocked_ips() and get_blocked_usernames() 2015-06-29 18:33:33 +08:00
nephridium
67ebb8edff Make key_list read from redis Python 3 compatible 
Converts from bytes to string using .decode('utf-8')
 2015-06-26 22:17:50 +08:00
Alex White
319027c1e6 Fix line length meet PEP8 2015-04-21 16:24:01 -07:00
Alex White
b583f6f54f Add combined username & ip tests 2015-04-21 15:22:29 -07:00
Alex White
793720a189 Handle evaluating combined IP and username lockouts based on settings 2015-04-21 15:22:17 -07:00
Alex White
c8da36cadb Add boolean to allow locking out by username & ip address combined 2015-04-21 15:21:29 -07:00
Ken Cochrane
a99bcdfc63 renamed the file to the correct name 2015-03-24 15:27:57 -04:00
Ken Cochrane
fb095e4ca9 cleaned up some landscape.io warnings 2015-03-20 11:09:45 -04:00
Ken Cochrane
8ef0420b23 added management command 2015-03-20 10:10:07 -04:00
Ken Cochrane
47d6a71825 fixed issues #15 #35 and #36, added way to clean up access attempt table, as well as an option to not login attempts. Also speed up django admin pages 2015-03-20 10:09:39 -04:00
Ken Cochrane
ea7a8cde06 bumped the django versions on travis, and added a fix to get_ip() 2015-02-25 10:03:05 -05:00
Ken Cochrane
fd4f58a20c took marcus's advice and used the built in django validator 2015-02-24 22:02:06 -05:00
Ken Cochrane
2f6afbdb6e added ipv6 addresses to the test, and updated the ipv6 regex to something that worked better 2015-02-24 21:52:10 -05:00
Ken Cochrane
9c50d8e833 added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 18:16:08 -05:00
Ken Cochrane
88c388ec42 add a fix so that we don't block an empty IP or username 2015-02-01 10:17:10 -05:00
Ken Cochrane
87945f97ee fixing an issue @jlhawn found, we should only block if we are over the limit 2015-01-29 20:02:35 -05:00
Ken Cochrane
389ae2d91f locked down the defender views 2015-01-29 08:22:29 -05:00
Ken Cochrane
d0a23a71ba updated lockout.html template 2015-01-29 08:15:38 -05:00
Ken Cochrane
130f696a7e added new context variable to lockout template 2015-01-29 08:10:19 -05:00
Ken Cochrane
b50b05f1d2 Merge branch 'master' into new-admin 2015-01-28 20:21:41 -05:00
Ken Cochrane
12698d7d54 finished working on the defender admin, cleaned some stuff up, added some notes and screenshots 2015-01-28 20:19:16 -05:00
Ken Cochrane
db3eea99cc initial commit, adding admin pages to manage blocked users 2015-01-27 18:06:56 -05:00
Ken Cochrane
a6eb683ea1 more cleanup 2015-01-26 10:56:25 -05:00