sso: Use new features of axes, log axes messages

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

plinth/__main__.py

@@ -21,12 +21,13 @@ import importlib
 import logging
 import sys
 
-import axes
-
 from . import (__version__, cfg, dbus, frontpage, log, menu, module_loader,
-               setup, web_framework, web_server)
+               setup, utils, web_framework, web_server)
+
+if utils.is_axes_old():
+    import axes
+    axes.default_app_config = 'plinth.axes_app_config.AppConfig'
 
-axes.default_app_config = "plinth.axes_app_config.AppConfig"
 precedence_commandline_arguments = ["server_dir", "develop"]
 
 logger = logging.getLogger(__name__)

plinth/axes_app_config.py

@@ -26,4 +26,4 @@ class AppConfig(apps.AppConfig):
 
     def ready(self):
         # Signals must be loaded for axes to get the login_failed signals
-        from axes import signals  # isort:skip
+        from axes import signals  # isort:skip pylint: disable=unused-import

plinth/modules/sso/views.py

@@ -28,7 +28,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.views import LoginView, LogoutView
 from django.http import HttpResponseRedirect
 
-from plinth import actions, web_framework
+from plinth import actions, utils, web_framework
 
 from .forms import AuthenticationForm
 
@@ -69,6 +69,8 @@ class SSOLoginView(LoginView):
 
         return response
 
+    # XXX: Use axes middleware and authentication backend instead of
+    # axes_form_invalid when axes >= 5.0.0 becomes available in Debian stable.
     @axes_form_invalid
     def form_invalid(self, *args, **kwargs):
         return super(SSOLoginView, self).form_invalid(*args, **kwargs)
@@ -89,10 +91,13 @@ class CaptchaLoginView(LoginView):
             return response
 
         # Successful authentication
+        if utils.is_axes_old():
             ip_address = web_framework.get_ip_address_from_request(request)
             axes.utils.reset(ip=ip_address)
-        logger.info('Login attempts reset for IP after successful login: %s',
+            logger.info(
+                'Login attempts reset for IP after successful login: %s',
                 ip_address)
+
         return set_ticket_cookie(request.user, response)
 
 

plinth/modules/users/urls.py

@@ -40,6 +40,9 @@ urlpatterns = [
         name='change_password'),
 
     # Authnz is handled by SSO
+
+    # XXX: Use axes authentication backend and middleware instead of
+    # axes_dispatch after axes 5.x becomes available in Debian stable.
     url(r'^accounts/login/$',
         public(axes_dispatch(SSOLoginView.as_view())), name='login'),
     url(r'^accounts/logout/$',

plinth/tests/data/django_test_settings.py

@@ -22,6 +22,14 @@ import os
 
 TEST_DATA_DIR = os.path.dirname(os.path.abspath(__file__))
 
+AXES_ENABLED = False
+
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.dummy.DummyCache'
+    }
+}
+
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.sqlite3',
@@ -30,6 +38,7 @@ DATABASES = {
 }
 
 INSTALLED_APPS = [
+    'axes',
     'captcha',
     'bootstrapform',
     'django.contrib.auth',

plinth/utils.py

@@ -164,3 +164,14 @@ def gunzip(gzip_file, output_file):
 
 def is_non_empty_file(file_path):
     return os.path.isfile(file_path) and os.path.getsize(file_path) > 0
+
+
+def is_axes_old():
+    """Return true if using django-axes version strictly less than 5.0.0.
+
+    XXX: Remove this method and allow code that uses it after django-axes >=
+    5.0.0 becomes available in Debian stable.
+
+    """
+    import axes
+    return LooseVersion(axes.get_version()) < LooseVersion('5.0')

plinth/web_framework.py

@@ -98,6 +98,7 @@ def init():
             },
         ],
         AXES_LOCKOUT_URL='locked/',
+        AXES_RESET_ON_SUCCESS=True,  # Only used with axes >= 4.4.3
         CACHES={
             'default': {
                 'BACKEND': 'django.core.cache.backends.dummy.DummyCache'