Closed antetna closed 5 years ago
Found solution with slightly modified LOGIN_SERIALIZER
in django-rest-auth
try:
user = self._validate_username_email(username, '', password)
except AxesSignalPermissionDenied:
blocked_by_axes = True
# Did we get back an active user?
if user:
if not user.is_active:
msg = _('User account is disabled.')
raise exceptions.ValidationError(msg)
else:
if blocked_by_axes:
msg = _('Access denied due the {max_attempts} login failures.'.format(max_attempts=settings.AXES_FAILURE_LIMIT))
else:
msg = _('Unable to log in with provided credentials.')
raise exceptions.ValidationError(msg)
Hello,
I am using these packages:
If I use DRF login views it works as expected, locked out users will see lockout template page.
When using django-rest-auth how to know if wrong credentials provided or user locked out by django-axes. Before using django-axes it was easy because repsonse was HTTP 400 for failed logins, now even when good credentials provided if user has been locked out by django-axes I will get HTTP 400.
Maybe django-rest-auth should listen for signal to catch this ?
django-axes/handlers/database