Commit graph

66 commits

Author SHA1 Message Date
Hasan Ramezani
dde5d6dfce Replace assertEquals with assertEqual. 2021-10-13 18:22:20 +02:00
Ryan Bales
e5edaf3b5d bugfix for IP backdoor to DEFENDER_LOCK_OUT_BY_IP_AND_USERNAME 2021-08-01 15:19:34 -04:00
Hasan Ramezani
cc06ab33fd Drop support Django < 2.2 and add support for Django > 3 2020-11-27 16:32:46 +01:00
Hasan Ramezani
5e6e52fcbb Drop Python2.7 support. 2020-11-23 17:30:46 +01:00
calmkart
71312eb841 FIX: support for special character in redis password (such as '@') (#155)
* FIX: if special character in redis password, we can set DEFENDER_REDIS_PASSWORD_QUOTE to True, and use quote password

* MOD:add test cases with password_quota = True
2020-03-13 08:13:54 -04:00
Aleksi Häkli
a1d526f318 PEP8 formatting (#147)
Run black with Python 2.7 as target version
to unify the code styling and make it more
linter and style guide compliant
2019-11-15 20:22:14 +02:00
horida
ce95906488 send user/ip blocked signal only once 2019-09-16 08:47:35 -04:00
horida
fcfa88d679 Add unblock signals 2019-09-08 10:05:04 -04:00
Andrei Baryshnikov
3031deb761 Add possibility to use custom utils.get_username_from_request function (#122)
* Add `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting

This setting allows overriding the default `get_username_from_request`
function.

* Add `get_username` argument to `watch_login`

To be able to propagate this argument to other utils functions calls

* Minor code-style fixes

* Add example of use of `DEFENDER_GET_USERNAME_FROM_REQUEST_PATH` setting

* Update docs
2018-05-29 10:32:08 -04:00
William Boman
250c4d5388 add 2 new setting variables for more granular failure limit control (#113) 2018-04-10 09:22:51 -04:00
William Boman
b546224372 send signals when blocking username or ip (#114) 2018-04-10 09:21:37 -04:00
Cobus Carstens
5aa69bac96 Only use the username if it is actually provided (#112)
* Only use the username if it is actually provided

* Test that unspecified usernames cannot be blocked

* Added test to prevent Coveralls from complaining about a coverage regression.
2018-02-01 06:30:26 -05:00
William Boman
2b6374f1da utils: add username kwarg for providing username directly rather than via callback arg (#107) 2018-02-01 06:27:38 -05:00
Sophie Wirth
cde53c5315 replace django.core.urlresolvers with django.urls to appease Django2.… (#106)
* replace django.core.urlresolvers with django.urls to appease Django2.0 deprecations
* add try except block around imports for older version support
* add correct django version in setup.py install_reqs
2017-12-11 13:52:50 -05:00
ruthus18
7c6a7d2b93 Update regex for 'unblock_username_view'. (#100)
The reason why we need to handle almost all special symbols is in cases when username is like 'some!username'

 Issue: #76
2017-08-31 11:12:14 -04:00
Mattia Procopio
85817fd278 Force the username to lowercase (#90) 2017-07-01 09:24:51 -04:00
Ken Cochrane
4d9adc35c2 Cleanup the code to remove lint warnings (#87)
* Cleanup the code to remove lint warnings

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>

* Fixed typo

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2017-06-28 17:09:44 -04:00
Mattia Procopio
b985d17beb Allow decoration of functions beyond the admin login (#86)
* Allow decoration of functions beyond the admin login

* Exclude tests file from coverage

* Allow installing django 1.11

* Add python 3.6 for testing
2017-06-26 12:23:23 -04:00
Francisco Rivera
d2b712eade Taking redis client from django.core.cache (#82)
* new setting that point to an already configured redis client

* taking redis client from django cache setting

* adding informative exception

* dropping django 1.6 support

* dropping django 1.7 support

* adding tests

* removing old coverage stuff + pep8 fixes

* ups, wrong package

* supporting multiple backends

* adding documentation

* dropping python 2.6 support
2017-06-24 19:17:15 -04:00
Israel Saeta Pérez
69db1cfb70 Allow usernames with plus signs in unblock view (#77)
This fixes bug #GH76 where an exception like

```
Reverse for 'defender_unblock_username_view' with arguments '(u'user+test@domain.tld',)' and keyword arguments '{}' not found. 1 pattern(s) tried: [u'admin/defender/blocks/username/(?P[A-Za-z0-9-._@]+)/unblock$']
```

was raised when trying to access the `/admin/defender/blocks/` URL when a user with a plus sign had been locked out.
2017-06-10 10:39:19 -04:00
Karimov Dmitriy
32f60c3f8b Add test_disable_username_lockout 2016-06-20 13:36:02 +05:00
Vladimir Bolshakov
c3495605ea Fix testing of failed login redirect to URL for Django 1.9.
Location header in redirect can be relative URL from Django 1.9.
2016-02-01 19:08:54 +03:00
Vladimir Bolshakov
948877c156 Fix formatting. 2016-02-01 19:07:16 +03:00
Vladimir Bolshakov
f4e0ddc032 assertEquals -> assertEqual 2016-02-01 19:06:38 +03:00
bc Wong
f9047162d4 Add helpers that do not assume how to retrieve username
The `is_already_locked` method assumes how the username is stored in the
request. This patch adds helpers that don't to allow for more flexible
implementation.
2016-01-24 09:41:43 -08:00
Ken Cochrane
6e2ea2b94a fix compatibility issues with python 2.6, and disable testing on django versions 1.6.x and 1.7.x on python 3.5 2015-10-22 13:37:41 -04:00
Ken Cochrane
64c5684c12 Added so that you can disable IP lockouts if you want 2015-10-21 16:33:08 -04:00
nephridium
64736040af Remove obsolete comments 2015-06-29 18:42:09 +08:00
nephridium
a3207d582a Add tests for utils get_blocked_ips() and get_blocked_usernames() 2015-06-29 18:33:33 +08:00
Alex White
b583f6f54f Add combined username & ip tests 2015-04-21 15:22:29 -07:00
Ken Cochrane
fb095e4ca9 cleaned up some landscape.io warnings 2015-03-20 11:09:45 -04:00
Ken Cochrane
fd4f58a20c took marcus's advice and used the built in django validator 2015-02-24 22:02:06 -05:00
Ken Cochrane
2f6afbdb6e added ipv6 addresses to the test, and updated the ipv6 regex to something that worked better 2015-02-24 21:52:10 -05:00
Ken Cochrane
9c50d8e833 added fixes for issue #32, hopefully this closes the security hole that @mmetince found 2015-02-24 18:16:08 -05:00
Ken Cochrane
88c388ec42 add a fix so that we don't block an empty IP or username 2015-02-01 10:17:10 -05:00
Ken Cochrane
a6eb683ea1 more cleanup 2015-01-26 10:56:25 -05:00
Marcus Martins
95eac511eb Provide helper TestCases to be used with Defender
Provide TransactionTestCase and TestCase that clear the
defender cache between runs.
2015-01-12 13:28:33 -08:00
Marcus Martins
103e29a437 Add compatibility for python 2.6 2015-01-12 09:53:40 -08:00
Marcus Martins
351148b239 refactor is_already_locked and add better test coverage
Simplify the is_already_locked code and make sure
that we're testing that code better.
2015-01-12 09:42:38 -08:00
Marcus Martins
d72e32cfc1 Allow redis connections to be mocked outside tests
Use a mocked instance of redis outside tests so we can use it
on django projects.
2015-01-08 12:56:33 -08:00
Marcus Martins
43d91ef694 Fix tests for Django 1.7 2015-01-05 17:47:57 -08:00
Ken Cochrane
8f8682c48f fixed issue with python3 2015-01-03 16:50:51 -05:00
Ken Cochrane
92c378bf68 Add Celery option for writing to database 2015-01-03 16:33:51 -05:00
Ken Cochrane
a7bc8c0d55 added landscape.io and some fixes it found 2015-01-03 11:09:30 -05:00
Ken Cochrane
7e32eacd97 moved a config out of middleware into config and also updated README 2015-01-03 10:34:19 -05:00
Ken Cochrane
95e8ccf088 Merge pull request #10 from shin-/master
Admin and middleware tests
2015-01-02 18:54:13 -05:00
Joffrey F
59fed5fc8a python3 fix 2015-01-02 15:31:09 -08:00
Joffrey F
1b63b657a1 test_get_view for 100% coverage 2015-01-02 15:29:26 -08:00
Joffrey F
465e45a124 Admin and middleware tests 2015-01-02 15:15:34 -08:00
Ken Cochrane
649cc33c68 Merge pull request #9 from shin-/master
Improved utils coverage
2015-01-02 16:38:06 -05:00