sso: Use new features of axes, log axes messages

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2019-07-15 15:01:53 -07:00 · 2019-07-15 15:01:53 -07:00 · 0f807bcd48
commit 0f807bcd48
parent 9c8b48ceac
7 changed files with 40 additions and 10 deletions
--- a/plinth/main.py
+++ b/plinth/main.py
@ -21,12 +21,13 @@ import importlib
 import logging
 import sys

-import axes
-
 from . import (__version__, cfg, dbus, frontpage, log, menu, module_loader,
-               setup, web_framework, web_server)
+               setup, utils, web_framework, web_server)
+
+if utils.is_axes_old():
+    import axes
+    axes.default_app_config = 'plinth.axes_app_config.AppConfig'

-axes.default_app_config = "plinth.axes_app_config.AppConfig"
 precedence_commandline_arguments = ["server_dir", "develop"]

 logger = logging.getLogger(__name__)
--- a/plinth/axes_app_config.py
+++ b/plinth/axes_app_config.py
@ -26,4 +26,4 @@ class AppConfig(apps.AppConfig):

    def ready(self):
        # Signals must be loaded for axes to get the login_failed signals
-        from axes import signals  # isort:skip
+        from axes import signals  # isort:skip pylint: disable=unused-import
--- a/plinth/modules/sso/views.py
+++ b/plinth/modules/sso/views.py
@ -28,7 +28,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.views import LoginView, LogoutView
 from django.http import HttpResponseRedirect

-from plinth import actions, web_framework
+from plinth import actions, utils, web_framework

 from .forms import AuthenticationForm

@ -69,6 +69,8 @@ class SSOLoginView(LoginView):

        return response

+    # XXX: Use axes middleware and authentication backend instead of
+    # axes_form_invalid when axes >= 5.0.0 becomes available in Debian stable.
    @axes_form_invalid
    def form_invalid(self, *args, **kwargs):
        return super(SSOLoginView, self).form_invalid(*args, **kwargs)
@ -89,10 +91,13 @@ class CaptchaLoginView(LoginView):
            return response

        # Successful authentication
-        ip_address = web_framework.get_ip_address_from_request(request)
-        axes.utils.reset(ip=ip_address)
-        logger.info('Login attempts reset for IP after successful login: %s',
-                    ip_address)
+        if utils.is_axes_old():
+            ip_address = web_framework.get_ip_address_from_request(request)
+            axes.utils.reset(ip=ip_address)
+            logger.info(
+                'Login attempts reset for IP after successful login: %s',
+                ip_address)
+
        return set_ticket_cookie(request.user, response)


--- a/plinth/modules/users/urls.py
+++ b/plinth/modules/users/urls.py
@ -40,6 +40,9 @@ urlpatterns = [
        name='change_password'),

    # Authnz is handled by SSO
+
+    # XXX: Use axes authentication backend and middleware instead of
+    # axes_dispatch after axes 5.x becomes available in Debian stable.
    url(r'^accounts/login/$',
        public(axes_dispatch(SSOLoginView.as_view())), name='login'),
    url(r'^accounts/logout/$',
--- a/plinth/tests/data/django_test_settings.py
+++ b/plinth/tests/data/django_test_settings.py
@ -22,6 +22,14 @@ import os

 TEST_DATA_DIR = os.path.dirname(os.path.abspath(__file__))

+AXES_ENABLED = False
+
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.dummy.DummyCache'
+    }
+}
+
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
@ -30,6 +38,7 @@ DATABASES = {
 }

 INSTALLED_APPS = [
+    'axes',
    'captcha',
    'bootstrapform',
    'django.contrib.auth',
--- a/plinth/utils.py
+++ b/plinth/utils.py
@ -164,3 +164,14 @@ def gunzip(gzip_file, output_file):

 def is_non_empty_file(file_path):
    return os.path.isfile(file_path) and os.path.getsize(file_path) > 0
+
+
+def is_axes_old():
+    """Return true if using django-axes version strictly less than 5.0.0.
+
+    XXX: Remove this method and allow code that uses it after django-axes >=
+    5.0.0 becomes available in Debian stable.
+
+    """
+    import axes
+    return LooseVersion(axes.get_version()) < LooseVersion('5.0')
--- a/plinth/web_framework.py
+++ b/plinth/web_framework.py
@ -98,6 +98,7 @@ def init():
            },
        ],
        AXES_LOCKOUT_URL='locked/',
+        AXES_RESET_ON_SUCCESS=True,  # Only used with axes >= 4.4.3
        CACHES={
            'default': {
                'BACKEND': 'django.core.cache.backends.dummy.DummyCache'