Changelogs » Django-axes

Django-axes

4.5.4

------------------

- Improve README and documentation
[aleksihakli]

4.5.3

------------------

- Remove the unused ``AccessAttempt.trusted`` flag from models
[aleksihakli]

- Improve README and Travis CI setups
[aleksihakli]

4.5.2

------------------

- Added Turkish translations
[obayhan]

4.5.1

------------------

- Removed duplicated check that was causing issues when using APIs.
[camilonova]

- Added Russian translations
[lubicz-sielski]

4.5.0

------------------

- Improve support for custom authentication credentials using the
``AXES_USERNAME_FORM_FIELD`` and ``AXES_USERNAME_CALLABLE`` settings.
[mastacheata]

- Updated behaviour for fetching username from request or credentials:
If no ``AXES_USERNAME_CALLABLE`` is configured, the optional
``credentials`` that are supplied to the axes utility methods
are now the default source for client username and the HTTP
request POST is the fallback for fetching the user information.
``AXES_USERNAME_CALLABLE`` implements an alternative signature with two
arguments ``request, credentials`` in addition to the old ``request``
call argument signature in a backwards compatible fashion.
[aleksihakli]

- Add official support for the Django 2.1 LTS version and Python 3.7.
[aleksihakli]

- Improve the requirements, documentation, tests, and CI setup.
[aleksihakli]

4.4.3

------------------

- Fix MANIFEST.in missing German translations
[aleksihakli]

- Add `AXES_RESET_ON_SUCCESS` configuration flag
[arjenzijlstra]

4.4.2

------------------

- fix missing migration and add check to prevent it happening again.
[markddavidoff]

4.4.1

------------------

- Add a German translation
[adonig]

- Documentation wording changes
[markddavidoff]

- Use `get_client_username` in `log_user_login_failed` instead of credentials
[markddavidoff]

- pin prospector to 0.12.11, and pin astroid to 1.6.5
[hsiaoyi0504]

4.4.0

------------------

- Added AXES_USERNAME_CALLABLE
[jaadus]

4.3.1

------------------

- Change custom authentication backend failures from error to warning log level
[aleksihakli]

- Set up strict code linting for CI pipeline that fails builds if linting does not pass
[aleksihakli]

- Clean up old code base and tests based on linter errors
[aleksihakli]

4.3.0

------------------

- Refactor and clean up code layout
[aleksihakli]

- Add prospector linting and code checks to toolchain
[aleksihakli]

- Clean up log message formatting and refactor type checks
[EvaSDK]

- Fix faulty user locking with user agent when AXES_ONLY_USER_FAILURES is set
[EvaSDK]

4.2.1

------------------

- Fix unicode string interpolation on Python 2.7
[aleksihakli]

4.2.0

------------------

- Add configuration flags for client IP resolving
[aleksihakli]

- Add AxesModelBackend authentication backend
[markdaviddoff]

4.1.0

------------------

- Add AXES_CACHE setting for configuring `axes` specific caching.
[JWvDronkelaar]

- Add checks and tests for faulty LocMemCache usage in application setup.
[aleksihakli]

4.0.2

------------------

- Improve Windows compatibility on Python < 3.4 by utilizing win_inet_pton
[hsiaoyi0504]

- Add documentation on django-allauth integration
[grucha]

- Add documentation on known AccessAttempt caching configuration problems
when using axes with the `django.core.cache.backends.locmem.LocMemCache`
[aleksihakli]

- Refactor and improve existing AccessAttempt cache reset utility
[aleksihakli]

4.0.1

------------------

- Fixes issue when not using `AXES_USERNAME_FORM_FIELD`
[camilonova]

4.0.0

------------------

- *BREAKING CHANGES*. `AXES_BEHIND_REVERSE_PROXY` `AXES_REVERSE_PROXY_HEADER`
`AXES_NUM_PROXIES` were removed in order to use `django-ipware` to get
the user ip address
[camilonova]

- Added support for custom username field
[kakulukia]

- Customizing Axes doc updated
[pckapps]

- Remove filtering by username
[camilonova]

- Fixed logging failed attempts to authenticate using a custom authentication
backend.
[D3X]

3.0.3

------------------

- Test against Python 2.7.
[mbaechtold]

- Test against Python 3.4.
[pope1ni]

3.0.2

------------------

- Added form_invalid decorator. Fixes 265
[camilonova]

3.0.1

------------------

- Fix DeprecationWarning for logger warning
[richardowen]

- Fixes global lockout possibility
[joeribekker]

- Changed the way output is handled in the management commands
[ataylor32]

3.0.0

------------------

- BREAKING CHANGES. Support for Django >= 1.11 and signals, see issue 215.
Drop support for Python < 3.6
[camilonova]

2.3.3

------------------

- Many tweaks and handles successful AJAX logins.
[Jack Sullivan]

- Add tests for proxy number parametrization
[aleksihakli]

- Add AXES_NUM_PROXIES setting
[aleksihakli]

- Log failed access attempts regardless of settings
[jimr]

- Updated configuration docs to include AXES_IP_WHITELIST
[Minkey27]

- Add test for get_cache_key function
[jorlugaqui]

- Delete cache key in reset command line
[jorlugaqui]

- Add signals for setting/deleting cache keys
[jorlugaqui]

2.3.2

------------------

- Only look for lockable users on a POST
[schinckel]

- Fix and add tests for IPv4 and IPv6 parsing
[aleksihakli]

2.3.1

------------------

- Added settings for disabling success accesslogs
[Minkey27]

- Fixed illegal IP address string passed to inet_pton
[samkuehn]

2.3.0

------------------

- Fixed ``axes_reset`` management command to skip "ip" prefix to command
arguments.
[EvaMarques]

- Added ``axes_reset_user`` management command to reset lockouts and failed
login records for given users.
[vladimirnani]

- Fixed Travis-PyPI release configuration.
[jezdez]

- Make IP position argument optional.
[aredalen]

- Added possibility to disable access log
[svenhertle]

- Fix for IIS used as reverse proxy adding port number
[Dmitri-Sintsov]

- Made the signal race condition safe.
[Minkey27]

- Added AXES_ONLY_USER_FAILURES to support only looking at the user ID.
[lip77us]

2.2.0

------------------

- Improve the logic when using a reverse proxy to avoid possible attacks.
[camilonova]

2.1.0

------------------

- Add `default_app_config` so you can just use `axes` in `INSTALLED_APPS`
[vdboor]

2.0.0

------------------

- Removed middleware to use app_config
[camilonova]

- Lots of cleaning
[camilonova]

- Improved test suite and versions
[camilonova]

1.7.0

------------------

- Use render shortcut for rendering LOCKOUT_TEMPLATE
[Radosław Luter]

- Added app_label for RemovedInDjango19Warning
[yograterol]

- Add iso8601 translator.
[mullakhmetov]

- Edit json response. Context now contains ISO 8601 formatted cooloff time
[mullakhmetov]

- Add json response and iso8601 tests.
[mullakhmetov]

- Fixes issue 162: UnicodeDecodeError on pip install
[joeribekker]

- Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out.
[joeribekker]

1.6.1

------------------

- Fixes whitelist check when BEHIND_REVERSE_PROXY
[Patrick Hagemeister]

- Made migrations py3 compatible
[mvdwaeter]

- Fixing 126, possibly breaking compatibility with Django<=1.7
[int-ua]

- Add note for upgrading users about new migration files
[kelseyq]

- Fixes 148
[camilonova]

- Decorate auth_views.login only once
[teeberg]

- Set IP public/private classifier to be compliant with RFC 1918.
[SilasX]

- Issue 155. Lockout response status code changed to 403.
[Артур Муллахметов]

- BUGFIX: Missing migration
[smeinel]

1.6.0

------------------

- Stopped using render_to_response so that other template engines work
[tarkatronic]

- Improved performance & DoS prevention on query2str
[tarkatronic]

- Immediately return from is_already_locked if the user is not lockable
[jdunck]

- Iterate over ip addresses only once
[annp89]

- added initial migration files to support django 1.7 &up. Upgrading users should run migrate --fake-initial after update
[ibaguio]

- Add db indexes to CommonAccess model
[Schweigi]

1.5.0

------------------

- Fix _get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True
[afioca]

1.4.0

------------------

- Send the user_locked_out signal. Fixes 94.
[toabi]

1.3.9

------------------

- Python 3 fix (104)

1.3.8

------------------

- Rename GitHub organization from django-security to django-pci to emphasize focus on providing assistance with building PCI compliant websites with Django.
[aclark4life]

1.3.7

------------------

- Explain common issues where Axes fails silently
[cericoda]

- Allow for user-defined username field for lookup in POST data
[SteveByerly]

- Log out only if user was logged in
[zoten]

- Support for floats in cooloff time (i.e: 0.1 == 6 minutes)
[marianov]

- Limit amount of POST data logged (73). Limiting the length of value is not enough, as there could be arbitrary number of them, or very long key names.
[peterkuma]

- Improve get_ip to try for real ip address
[7wonders]

- Change IPAddressField to GenericIPAddressField. When using a PostgreSQL database and the client does not pass an IP address you get an inet error. This is a known problem with PostgreSQL and the IPAddressField. https://code.djangoproject.com/ticket/5622. It can be fixed by using a GenericIPAddressField instead.
[polvoblanco]

- Get first X-Forwarded-For IP
[tutumcloud]

- White listing IP addresses behind reverse proxy. Allowing some IP addresses to have direct access to the app even if they are behind a reverse proxy. Those IP addresses must still be on a white list.
[ericbulloch]

- Reduce logging of reverse proxy IP lookup and use configured logger. Fixes 76. Instead of logging the notice that django.axes looks for a HTTP header set by a reverse proxy on each attempt, just log it one-time on first module import. Also use the configured logger (by default axes.watch_login) for the message to be more consistent in logging.
[eht16]

- Limit the length of the values logged into the database. Refs 73
[camilonova]

- Refactored tests to be more stable and faster
[camilonova]

- Clean client references
[camilonova]

- Fixed admin login url
[camilonova]

- Added django 1.7 for testing
[camilonova]

- Travis file cleanup
[camilonova]

- Remove hardcoded url path
[camilonova]

- Fixing tests for django 1.7
[Andrew-Crosio]

- Fix for django 1.7 exception not existing
[Andrew-Crosio]

- Removed python 2.6 from testing
[camilonova]

- Use django built-in six version
[camilonova]

- Added six as requirement
[camilonova]

- Added python 2.6 for travis testing
[camilonova]

- Replaced u string literal prefixes with six.u() calls
[amrhassan]

- Fixes object type issue, response is not an string
[camilonova]

- Python 3 compatibility fix for db_reset
[nicois]

- Added example project and helper scripts
[barseghyanartur]

- Admin command to list login attemps
[marianov]

- Replaced six imports with django.utils.six ones
[amrhassan]

- Replaced u string literal prefixes with six.u() calls to make it compatible with Python 3.2
[amrhassan]

- Replaced `assertIn`s and `assertNotIn`s with `assertContains` and `assertNotContains`
[fcurella]

- Added py3k to travis
[fcurella]

- Update test cases to be python3 compatible
[nicois]

- Python 3 compatibility fix for db_reset
[nicois]

- Removed trash from example urls
[barseghyanartur]

- Added django installer
[barseghyanartur]

- Added example project and helper scripts
[barseghyanartur]

1.3.6

------------------

- Added AttributeError in case get_profile doesn't exist [camilonova]
- Improved axes_reset command [camilonova]

1.3.5

------------------

- Fix an issue with __version__ loading the wrong version [graingert]

1.3.4

------------------

- Update README.rst for PyPI [marty] [camilonova] [graingert]
- Add cooloff period [visualspace]

1.3.3

------------------

- Added 'username' field to the Admin table [bkvirendra]
- Removed fallback logging creation since logging cames by default on django 1.4 or later, if you don't have it is because you explicitly wanted. Fixes 45 [camilonova]

1.3.2

------------------

- Fix an issue when a user logout [camilonova]
- Match pypi version [camilonova]
- Better User model import method [camilonova]
- Use only one place to get the version number [camilonova]
- Fixed an issue when a user on django 1.4 logout [camilonova]
- Handle exception if there is not user profile model set [camilonova]
- Made some cleanup and remove a pokemon exception handling [camilonova]
- Improved tests so it really looks for the rabbit in the hole [camilonova]
- Match pypi version [camilonova]

1.3.1

------------------

- Add support for Django 1.5 [camilonova]

1.3.0

------------------

- Bug fix: get_version() format string [csghormley]

1.2.9

------------------

- Add to and improve test cases [camilonova]

1.2.8

------------------

- Increased http accept header length [jslatts]

1.2.7

------------------

- Reverse proxy support [rmagee]
- Clean up README [martey]

1.2.6

------------------

- Remove unused import [aclark4life]

1.2.5

------------------

- Fix setup.py [aclark4life]
- Added ability to flag user accounts as unlockable. [kencochrane]
- Added ipaddress as a param to the user_locked_out signal. [kencochrane]
- Added a signal receiver for user_logged_out. [kencochrane]
- Added a signal for when a user gets locked out. [kencochrane]
- Added AccessLog model to log all access attempts. [kencochrane]