Commit 0f807bcd authored by Sunil Mohan Adapa's avatar Sunil Mohan Adapa Committed by James Valleroy

sso: Use new features of axes, log axes messages

Signed-off-by: Sunil Mohan Adapa's avatarSunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy's avatarJames Valleroy <jvalleroy@mailbox.org>
parent 9c8b48ce
......@@ -21,12 +21,13 @@ import importlib
import logging
import sys
import axes
from . import (__version__, cfg, dbus, frontpage, log, menu, module_loader,
setup, web_framework, web_server)
setup, utils, web_framework, web_server)
if utils.is_axes_old():
import axes
axes.default_app_config = 'plinth.axes_app_config.AppConfig'
axes.default_app_config = "plinth.axes_app_config.AppConfig"
precedence_commandline_arguments = ["server_dir", "develop"]
logger = logging.getLogger(__name__)
......
......@@ -26,4 +26,4 @@ class AppConfig(apps.AppConfig):
def ready(self):
# Signals must be loaded for axes to get the login_failed signals
from axes import signals # isort:skip
from axes import signals # isort:skip pylint: disable=unused-import
......@@ -28,7 +28,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.views import LoginView, LogoutView
from django.http import HttpResponseRedirect
from plinth import actions, web_framework
from plinth import actions, utils, web_framework
from .forms import AuthenticationForm
......@@ -69,6 +69,8 @@ class SSOLoginView(LoginView):
return response
# XXX: Use axes middleware and authentication backend instead of
# axes_form_invalid when axes >= 5.0.0 becomes available in Debian stable.
@axes_form_invalid
def form_invalid(self, *args, **kwargs):
return super(SSOLoginView, self).form_invalid(*args, **kwargs)
......@@ -89,10 +91,13 @@ class CaptchaLoginView(LoginView):
return response
# Successful authentication
ip_address = web_framework.get_ip_address_from_request(request)
axes.utils.reset(ip=ip_address)
logger.info('Login attempts reset for IP after successful login: %s',
ip_address)
if utils.is_axes_old():
ip_address = web_framework.get_ip_address_from_request(request)
axes.utils.reset(ip=ip_address)
logger.info(
'Login attempts reset for IP after successful login: %s',
ip_address)
return set_ticket_cookie(request.user, response)
......
......@@ -40,6 +40,9 @@ urlpatterns = [
name='change_password'),
# Authnz is handled by SSO
# XXX: Use axes authentication backend and middleware instead of
# axes_dispatch after axes 5.x becomes available in Debian stable.
url(r'^accounts/login/$',
public(axes_dispatch(SSOLoginView.as_view())), name='login'),
url(r'^accounts/logout/$',
......
......@@ -22,6 +22,14 @@ import os
TEST_DATA_DIR = os.path.dirname(os.path.abspath(__file__))
AXES_ENABLED = False
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.dummy.DummyCache'
}
}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
......@@ -30,6 +38,7 @@ DATABASES = {
}
INSTALLED_APPS = [
'axes',
'captcha',
'bootstrapform',
'django.contrib.auth',
......
......@@ -164,3 +164,14 @@ def gunzip(gzip_file, output_file):
def is_non_empty_file(file_path):
return os.path.isfile(file_path) and os.path.getsize(file_path) > 0
def is_axes_old():
"""Return true if using django-axes version strictly less than 5.0.0.
XXX: Remove this method and allow code that uses it after django-axes >=
5.0.0 becomes available in Debian stable.
"""
import axes
return LooseVersion(axes.get_version()) < LooseVersion('5.0')
......@@ -98,6 +98,7 @@ def init():
},
],
AXES_LOCKOUT_URL='locked/',
AXES_RESET_ON_SUCCESS=True, # Only used with axes >= 4.4.3
CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.dummy.DummyCache'
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment