Django login with django-axes
NickName:Lee Ask DateTime:2014-09-10T15:50:18

Django login with django-axes

I created a site with django. Users should be able to login. The login-view looks like this:

from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
....
if request.method == 'POST':       
        username = request.POST['username']#get username
        password = request.POST['txtPwd']# and password 
        user = authenticate(username=username, password=password) #checking username and pwd
        if user is not None:
            if user.is_active:
                login(request, user)

But with this "solution" i can't handle an brute force attack. So I looked around and found this: Throttling brute force login attacks in Django

The first answer was helpful. I choosed django-axes because django-ratelimit count only the amout of calling a view.

But here is my problem: When i try to login with wrong password it doesn't count the failure. (Only at the /admin-section).

I found no option to "add" my login-view to django-axes.

So here is my question:

How can I configure django-axes to handle the failed logins from my login-view?

EDIT: Here is my settings-file:

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'axes',
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'axes.middleware.FailedLoginMiddleware'
)

...

AXES_LOCK_OUT_AT_FAILURE = False
AXES_USE_USER_AGENT = True
AXES_COOLOFF_TIME = 1
AXES_LOGIN_FAILURE_LIMIT = 50


Copyright Notice:Content Author:「Lee」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/25760023/django-login-with-django-axes

Answers
Alex Lisovoy 2014-09-11T07:41:12

By default django-axes used django's login view *(django.contrib.auth.views.login). In middleware this view decorate with watch_login. \n\nSo you can solve your issue in two ways:\n\n\nuse standard login view. In this way django-axes does not require additional setup.\ndecorate your's login view with watch_login decorator. \n\n\nFor example: views.py\n\nfrom axes.decorators import watch_login\n...\n\n@watch_login\ndef your_custom_login_view(request):\n ...\n\n\nIt will then be used like this in class based view as mentioned by @Ali Faizan:\n\n@method_decorator(watch_login, name='dispatch')\nclass your_custom_login_view():\n ...\n",

Products recommended by Amazon
More >>>
SanDisk 128GB microSDXC-Card, Licensed for Nintendo-Switch - SDSQXAO-128G-GNCZN
SanDisk 128GB microSDXC-Card, Licensed for Nintendo-Switch - SDSQXAO-128G-GNCZN
 HUANUO Dual Monitor Stand - Adjustable Spring Monitor Desk Mount Swivel Vesa Bracket with C Clamp, Grommet Mounting Base for 13 to 27 Inch Computer Screens - Each Arm Holds 4.4 to 14.3lbs
HUANUO Dual Monitor Stand - Adjustable Spring Monitor Desk Mount Swivel Vesa Bracket with C Clamp, Grommet Mounting Base for 13 to 27 Inch Computer Screens - Each Arm Holds 4.4 to 14.3lbs
 AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler
AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler
 Timberland Men's 6-Inch Premium Waterproof Boot
Timberland Men's 6-Inch Premium Waterproof Boot
More about “Django login with django-axes” related questions
Django login with django-axes

I created a site with django. Users should be able to login. The login-view looks like this: from django.contrib.auth import authenticate, login from django.contrib.auth.models import User .... if

Show Detail
Django-axes not working with custom login view

I have followed the below links before asking this question as it seems like a duplicate, but of no use. So I'm asking again. Django login with django-axes django-axes not capturing failed login

Show Detail
django-axes failed login attempts are not consecutive

django-axes 4.1.0. I set the following configurations for django-axes which are working fine to soe limit: AXES_LOCK_OUT_AT_FAILURE = config('AXES_LOCK_OUT_AT_FAILURE', default=True, cast=bool)

Show Detail
django-axes with custom user model

I’ve been struggling to include django-axes into a project where I’m using a custom User model. Finally, I got this almost working. I say “almost” because none errors are shown, but unfortunately d...

Show Detail
How to ban client ip adress with django-axes instead of the local ip address of the angular server from which the login request is transmitted?

I use django-rest-framework as a back-end and Angular 7 as a front-end. I wanted to secure my login page by limiting the login attempts and I did so with django-axes. The problem is that the login

Show Detail
django-axes is not getting the request argument

I recently added django-axes to my Django project. It is suppose to work out the box with django-restframework. However, I am using django-rest-framework-simplejwt to handle authentication. But it ...

Show Detail
django-axes not capturing failed login attempt on RPC

I use django-axes to capture the failed login but I thing this library uses the internal DB of django and my case the authentication is a RPC call. The code is: urls.py url(r'^$', watch_login(views.

Show Detail
How to use django-tastypie with django-axes

Settings: django==1.8 django-tastypie==0.13 django-axes==2.3 I've got login resource through tastypie what looks like below from django.contrib.auth import login class LoginResource(Resource): ...

Show Detail
IP address for django-axes logins does not show

I have django-axes running with my Django app and so far everything works fine, however, in the django-axes admin section, the IP addresses do not seem to work. It just shows a "-". Is th...

Show Detail
django-axes lockout not working

Has anyone here successfully configured django-axes? Axes is a module which provides you with the ability to lock out a user after a specified number of unsuccessful login attempts. I'm having th...

Show Detail