Metadata-Version: 1.2
Name: django-axes
Version: 4.5.4
Summary: Keep track of failed login attempts in Django-powered sites.
Home-page: https://github.com/jazzband/django-axes
Author: Josh VanderLinden, Philip Neustrom, Michael Blume, Camilo Nova
Author-email: codekoala@gmail.com
Maintainer: Alex Clark
Maintainer-email: aclark@aclark.net
License: MIT
Description: Django Axes
        ===========
        
        .. image:: https://jazzband.co/static/img/badge.svg
           :target: https://jazzband.co/
           :alt: Jazzband
        
        .. image:: https://img.shields.io/pypi/v/django-axes.svg
           :target: https://pypi.org/project/django-axes/
           :alt: PyPI release
        
        .. image:: https://img.shields.io/readthedocs/django-axes.svg
           :target: https://django-axes.readthedocs.io/
           :alt: Documentation
        
        .. image:: https://secure.travis-ci.org/jazzband/django-axes.svg?branch=master
           :target: http://travis-ci.org/jazzband/django-axes
           :alt: Build Status
        
        .. image:: https://codecov.io/gh/jazzband/django-axes/branch/master/graph/badge.svg
           :target: https://codecov.io/gh/jazzband/django-axes
           :alt: Coverage
        
        .. image:: https://img.shields.io/github/stars/jazzband/django-axes.svg?label=Stars&style=socialcA
           :target: https://github.com/jazzband/django-axes
           :alt: GitHub
        
        
        ``django-axes`` is a very simple way for you to keep track of failed login
        attempts, both for the Django admin and for the rest of your site. The name is
        sort of a geeky pun, since ``axes`` can be read interpreted as:
        
        * "access", as in monitoring access attempts
        * "axes", as in tools you can use hack (generally on wood). In this case,
          however, the "hacking" part of it can be taken a bit further: ``django-axes``
          is intended to help you *stop* people from hacking (popular media
          definition) your website. Hilarious, right? That's what I thought too!
        
        
        Documentation
        -------------
        
        For more information see the documentation at:
        
        https://django-axes.readthedocs.io/
        
        
        Issues
        ------
        
        If you have questions or have trouble using the app please file a bug report at:
        
        https://github.com/jazzband/django-axes/issues
        
        
        Contributing
        ------------
        
        Separate proposed changes and PRs into small, distinct patches by type
        so that they can be merged faster into upstream and released quicker:
        
        * Feature
        * Bugfix
        * Code style
        * Documentation
        
        Changes
        =======
        
        4.5.4 (2019-01-15)
        ------------------
        
        - Improve README and documentation
          [aleksihakli]
        
        4.5.3 (2019-01-14)
        ------------------
        
        - Remove the unused ``AccessAttempt.trusted`` flag from models
          [aleksihakli]
        
        - Improve README and Travis CI setups
          [aleksihakli]
        
        
        4.5.2 (2019-01-12)
        ------------------
        
        - Added Turkish translations
          [obayhan]
        
        
        4.5.1 (2019-01-11)
        ------------------
        
        - Removed duplicated check that was causing issues when using APIs.
          [camilonova]
        
        - Added Russian translations
          [lubicz-sielski]
        
        
        4.5.0 (2018-12-25)
        ------------------
        
        - Improve support for custom authentication credentials using the
          ``AXES_USERNAME_FORM_FIELD`` and ``AXES_USERNAME_CALLABLE`` settings.
          [mastacheata]
        
        - Updated behaviour for fetching username from request or credentials:
          If no ``AXES_USERNAME_CALLABLE`` is configured, the optional
          ``credentials`` that are supplied to the axes utility methods
          are now the default source for client username and the HTTP
          request POST is the fallback for fetching the user information.
          ``AXES_USERNAME_CALLABLE`` implements an alternative signature with two
          arguments ``request, credentials`` in addition to the old ``request``
          call argument signature in a backwards compatible fashion.
          [aleksihakli]
        
        - Add official support for the Django 2.1 LTS version and Python 3.7.
          [aleksihakli]
        
        - Improve the requirements, documentation, tests, and CI setup.
          [aleksihakli]
        
        
        4.4.3 (2018-12-08)
        ------------------
        
        - Fix MANIFEST.in missing German translations
          [aleksihakli]
        
        - Add `AXES_RESET_ON_SUCCESS` configuration flag
          [arjenzijlstra]
        
        
        4.4.2 (2018-10-30)
        ------------------
        
        - fix missing migration and add check to prevent it happening again.
          [markddavidoff]
        
        
        4.4.1 (2018-10-24)
        ------------------
        
        - Add a German translation
          [adonig]
        
        - Documentation wording changes
          [markddavidoff]
        
        - Use `get_client_username` in `log_user_login_failed` instead of credentials
          [markddavidoff]
        
        - pin prospector to 0.12.11, and pin astroid to 1.6.5
          [hsiaoyi0504]
        
        
        4.4.0 (2018-05-26)
        ------------------
        
        - Added AXES_USERNAME_CALLABLE
          [jaadus]
        
        
        4.3.1 (2018-04-21)
        ------------------
        
        - Change custom authentication backend failures from error to warning log level
          [aleksihakli]
        
        - Set up strict code linting for CI pipeline that fails builds if linting does not pass
          [aleksihakli]
        
        - Clean up old code base and tests based on linter errors
          [aleksihakli]
        
        
        4.3.0 (2018-04-21)
        ------------------
        
        - Refactor and clean up code layout
          [aleksihakli]
        
        - Add prospector linting and code checks to toolchain
          [aleksihakli]
        
        - Clean up log message formatting and refactor type checks
          [EvaSDK]
        
        - Fix faulty user locking with user agent when AXES_ONLY_USER_FAILURES is set
          [EvaSDK]
        
        
        4.2.1 (2018-04-18)
        ------------------
        
        - Fix unicode string interpolation on Python 2.7
          [aleksihakli]
        
        
        4.2.0 (2018-04-13)
        ------------------
        
        - Add configuration flags for client IP resolving
          [aleksihakli]
        
        - Add AxesModelBackend authentication backend
          [markdaviddoff]
        
        
        4.1.0 (2018-02-18)
        ------------------
        
        - Add AXES_CACHE setting for configuring `axes` specific caching.
          [JWvDronkelaar]
        
        - Add checks and tests for faulty LocMemCache usage in application setup.
          [aleksihakli]
        
        
        4.0.2 (2018-01-19)
        ------------------
        
        - Improve Windows compatibility on Python < 3.4 by utilizing win_inet_pton
          [hsiaoyi0504]
        
        - Add documentation on django-allauth integration
          [grucha]
        
        - Add documentation on known AccessAttempt caching configuration problems
          when using axes with the `django.core.cache.backends.locmem.LocMemCache`
          [aleksihakli]
        
        - Refactor and improve existing AccessAttempt cache reset utility
          [aleksihakli]
        
        
        4.0.1 (2017-12-19)
        ------------------
        
        - Fixes issue when not using `AXES_USERNAME_FORM_FIELD`
          [camilonova]
        
        
        4.0.0 (2017-12-18)
        ------------------
        
        - *BREAKING CHANGES*. `AXES_BEHIND_REVERSE_PROXY` `AXES_REVERSE_PROXY_HEADER`
          `AXES_NUM_PROXIES` were removed in order to use `django-ipware` to get
          the user ip address
          [camilonova]
        
        - Added support for custom username field
          [kakulukia]
        
        - Customizing Axes doc updated
          [pckapps]
        
        - Remove filtering by username
          [camilonova]
        
        - Fixed logging failed attempts to authenticate using a custom authentication
          backend.
          [D3X]
        
        
        3.0.3 (2017-11-23)
        ------------------
        
        - Test against Python 2.7.
          [mbaechtold]
        
        - Test against Python 3.4.
          [pope1ni]
        
        
        3.0.2 (2017-11-21)
        ------------------
        
        - Added form_invalid decorator. Fixes #265
          [camilonova]
        
        
        3.0.1 (2017-11-17)
        ------------------
        
        - Fix DeprecationWarning for logger warning
          [richardowen]
        
        - Fixes global lockout possibility
          [joeribekker]
        
        - Changed the way output is handled in the management commands
          [ataylor32]
        
        
        3.0.0 (2017-11-17)
        ------------------
        
        - BREAKING CHANGES. Support for Django >= 1.11 and signals, see issue #215.
          Drop support for Python < 3.6
          [camilonova]
        
        
        2.3.3 (2017-07-20)
        ------------------
        
        - Many tweaks and handles successful AJAX logins.
          [Jack Sullivan]
        
        - Add tests for proxy number parametrization
          [aleksihakli]
        
        - Add AXES_NUM_PROXIES setting
          [aleksihakli]
        
        - Log failed access attempts regardless of settings
          [jimr]
        
        - Updated configuration docs to include AXES_IP_WHITELIST
          [Minkey27]
        
        - Add test for get_cache_key function
          [jorlugaqui]
        
        - Delete cache key in reset command line
          [jorlugaqui]
        
        - Add signals for setting/deleting cache keys
          [jorlugaqui]
        
        
        2.3.2 (2016-11-24)
        ------------------
        
        - Only look for lockable users on a POST
          [schinckel]
        
        - Fix and add tests for IPv4 and IPv6 parsing
          [aleksihakli]
        
        
        2.3.1 (2016-11-12)
        ------------------
        
        - Added settings for disabling success accesslogs
          [Minkey27]
        
        - Fixed illegal IP address string passed to inet_pton
          [samkuehn]
        
        
        2.3.0 (2016-11-04)
        ------------------
        
        - Fixed ``axes_reset`` management command to skip "ip" prefix to command
          arguments.
          [EvaMarques]
        
        - Added ``axes_reset_user`` management command to reset lockouts and failed
          login records for given users.
          [vladimirnani]
        
        - Fixed Travis-PyPI release configuration.
          [jezdez]
        
        - Make IP position argument optional.
          [aredalen]
        
        - Added possibility to disable access log
          [svenhertle]
        
        - Fix for IIS used as reverse proxy adding port number
          [Dmitri-Sintsov]
        
        - Made the signal race condition safe.
          [Minkey27]
        
        - Added AXES_ONLY_USER_FAILURES to support only looking at the user ID.
          [lip77us]
        
        
        2.2.0 (2016-07-20)
        ------------------
        
        - Improve the logic when using a reverse proxy to avoid possible attacks.
          [camilonova]
        
        
        2.1.0 (2016-07-14)
        ------------------
        
        - Add `default_app_config` so you can just use `axes` in `INSTALLED_APPS`
          [vdboor]
        
        
        2.0.0 (2016-06-24)
        ------------------
        
        - Removed middleware to use app_config
          [camilonova]
        
        - Lots of cleaning
          [camilonova]
        
        - Improved test suite and versions
          [camilonova]
        
        
        1.7.0 (2016-06-10)
        ------------------
        
        - Use render shortcut for rendering LOCKOUT_TEMPLATE
          [Radosław Luter]
        
        - Added app_label for RemovedInDjango19Warning
          [yograterol]
        
        - Add iso8601 translator.
          [mullakhmetov]
        
        - Edit json response. Context now contains ISO 8601 formatted cooloff time
          [mullakhmetov]
        
        - Add json response and iso8601 tests.
          [mullakhmetov]
        
        - Fixes issue 162: UnicodeDecodeError on pip install
          [joeribekker]
        
        - Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out.
          [joeribekker]
        
        
        1.6.1 (2016-05-13)
        ------------------
        
        - Fixes whitelist check when BEHIND_REVERSE_PROXY
          [Patrick Hagemeister]
        
        - Made migrations py3 compatible
          [mvdwaeter]
        
        - Fixing #126, possibly breaking compatibility with Django<=1.7
          [int-ua]
        
        - Add note for upgrading users about new migration files
          [kelseyq]
        
        - Fixes #148
          [camilonova]
        
        - Decorate auth_views.login only once
          [teeberg]
        
        - Set IP public/private classifier to be compliant with RFC 1918.
          [SilasX]
        
        - Issue #155. Lockout response status code changed to 403.
          [Артур Муллахметов]
        
        - BUGFIX: Missing migration
          [smeinel]
        
        1.6.0 (2016-01-07)
        ------------------
        
        - Stopped using render_to_response so that other template engines work
          [tarkatronic]
        
        - Improved performance & DoS prevention on query2str
          [tarkatronic]
        
        - Immediately return from is_already_locked if the user is not lockable
          [jdunck]
        
        - Iterate over ip addresses only once
          [annp89]
        
        - added initial migration files to support django 1.7 &up. Upgrading users should run migrate --fake-initial after update
          [ibaguio]
        
        - Add db indexes to CommonAccess model
          [Schweigi]
        
        1.5.0 (2015-09-11)
        ------------------
        
        - Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True
          [afioca]
        
        1.4.0 (2015-08-09)
        ------------------
        
        - Send the user_locked_out signal. Fixes #94.
          [toabi]
        
        1.3.9 (2015-02-11)
        ------------------
        
        - Python 3 fix (#104)
        
        1.3.8 (2014-10-07)
        ------------------
        
        - Rename GitHub organization from django-security to django-pci to emphasize focus on providing assistance with building PCI compliant websites with Django.
          [aclark4life]
        
        1.3.7 (2014-10-05)
        ------------------
        
        - Explain common issues where Axes fails silently
          [cericoda]
        
        - Allow for user-defined username field for lookup in POST data
          [SteveByerly]
        
        - Log out only if user was logged in
          [zoten]
        
        - Support for floats in cooloff time (i.e: 0.1 == 6 minutes)
          [marianov]
        
        - Limit amount of POST data logged (#73). Limiting the length of value is not enough, as there could be arbitrary number of them, or very long key names.
          [peterkuma]
        
        - Improve get_ip to try for real ip address
          [7wonders]
        
        - Change IPAddressField to GenericIPAddressField. When using a PostgreSQL database and the client does not pass an IP address you get an inet error. This is a known problem with PostgreSQL and the IPAddressField. https://code.djangoproject.com/ticket/5622. It can be fixed by using a GenericIPAddressField instead.
          [polvoblanco]
        
        - Get first X-Forwarded-For IP
          [tutumcloud]
        
        - White listing IP addresses behind reverse proxy. Allowing some IP addresses to have direct access to the app even if they are behind a reverse proxy. Those IP addresses must still be on a white list.
          [ericbulloch]
        
        - Reduce logging of reverse proxy IP lookup and use configured logger. Fixes #76. Instead of logging the notice that django.axes looks for a HTTP header set by a reverse proxy on each attempt, just log it one-time on first module import. Also use the configured logger (by default axes.watch_login) for the message to be more consistent in logging.
          [eht16]
        
        - Limit the length of the values logged into the database. Refs #73
          [camilonova]
        
        - Refactored tests to be more stable and faster
          [camilonova]
        
        - Clean client references
          [camilonova]
        
        - Fixed admin login url
          [camilonova]
        
        - Added django 1.7 for testing
          [camilonova]
        
        - Travis file cleanup
          [camilonova]
        
        - Remove hardcoded url path
          [camilonova]
        
        - Fixing tests for django 1.7
          [Andrew-Crosio]
        
        - Fix for django 1.7 exception not existing
          [Andrew-Crosio]
        
        - Removed python 2.6 from testing
          [camilonova]
        
        - Use django built-in six version
          [camilonova]
        
        - Added six as requirement
          [camilonova]
        
        - Added python 2.6 for travis testing
          [camilonova]
        
        - Replaced u string literal prefixes with six.u() calls
          [amrhassan]
        
        - Fixes object type issue, response is not an string
          [camilonova]
        
        - Python 3 compatibility fix for db_reset
          [nicois]
        
        - Added example project and helper scripts
          [barseghyanartur]
        
        - Admin command to list login attemps
          [marianov]
        
        - Replaced six imports with django.utils.six ones
          [amrhassan]
        
        - Replaced u string literal prefixes with six.u() calls to make it compatible with Python 3.2
          [amrhassan]
        
        - Replaced `assertIn`s and `assertNotIn`s with `assertContains` and `assertNotContains`
          [fcurella]
        
        - Added py3k to travis
          [fcurella]
        
        - Update test cases to be python3 compatible
          [nicois]
        
        - Python 3 compatibility fix for db_reset
          [nicois]
        
        - Removed trash from example urls
          [barseghyanartur]
        
        - Added django installer
          [barseghyanartur]
        
        - Added example project and helper scripts
          [barseghyanartur]
        
        
        1.3.6 (2013-11-23)
        ------------------
        
        - Added AttributeError in case get_profile doesn't exist [camilonova]
        - Improved axes_reset command [camilonova]
        
        
        1.3.5 (2013-11-01)
        ------------------
        
        - Fix an issue with __version__ loading the wrong version [graingert]
        
        
        1.3.4 (2013-11-01)
        ------------------
        
        - Update README.rst for PyPI [marty] [camilonova] [graingert]
        - Add cooloff period [visualspace]
        
        
        1.3.3 (2013-07-05)
        ------------------
        
        - Added 'username' field to the Admin table [bkvirendra]
        - Removed fallback logging creation since logging cames by default on django 1.4 or later, if you don't have it is because you explicitly wanted. Fixes #45 [camilonova]
        
        
        1.3.2 (2013-03-28)
        ------------------
        
        - Fix an issue when a user logout [camilonova]
        - Match pypi version [camilonova]
        - Better User model import method [camilonova]
        - Use only one place to get the version number [camilonova]
        - Fixed an issue when a user on django 1.4 logout [camilonova]
        - Handle exception if there is not user profile model set [camilonova]
        - Made some cleanup and remove a pokemon exception handling [camilonova]
        - Improved tests so it really looks for the rabbit in the hole [camilonova]
        - Match pypi version [camilonova]
        
        
        1.3.1 (2013-03-19)
        ------------------
        
        - Add support for Django 1.5 [camilonova]
        
        
        1.3.0 (2013-02-27)
        ------------------
        
        - Bug fix: get_version() format string [csghormley]
        
        
        1.2.9 (2013-02-20)
        ------------------
        
        - Add to and improve test cases [camilonova]
        
        
        1.2.8 (2013-01-23)
        ------------------
        
        - Increased http accept header length [jslatts]
        
        
        1.2.7 (2013-01-17)
        ------------------
        
        - Reverse proxy support [rmagee]
        - Clean up README [martey]
        
        
        1.2.6 (2012-12-04)
        ------------------
        
        - Remove unused import [aclark4life]
        
        
        1.2.5 (2012-11-28)
        ------------------
        
        - Fix setup.py [aclark4life]
        - Added ability to flag user accounts as unlockable. [kencochrane]
        - Added ipaddress as a param to the user_locked_out signal. [kencochrane]
        - Added a signal receiver for user_logged_out. [kencochrane]
        - Added a signal for when a user gets locked out. [kencochrane]
        - Added AccessLog model to log all access attempts. [kencochrane]
        
Keywords: authentication,django,pci,security
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 1.11
Classifier: Framework :: Django :: 2.0
Classifier: Framework :: Django :: 2.1
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Topic :: Internet :: Log Analysis
Classifier: Topic :: Security
Classifier: Topic :: System :: Logging
