atexio / mercure

Mercure is a tool for security managers who want to train their colleague to phishing.
https://hub.docker.com/r/atexio/mercure/
GNU General Public License v3.0
267 stars 56 forks source link

Update django-axes to 5.0.12 #279

Closed pyup-bot closed 5 years ago

pyup-bot commented 5 years ago

This PR updates django-axes from 4.5.4 to 5.0.12.

Changelog ### 5.0.12 ``` ------------------- - Support callables for ``AXES_COOLOFF_TIME`` setting. [DariaPlotnikova] ``` ### 5.0.11 ``` ------------------- - Fix typo in rST formatting that prevented 5.0.10 release to PyPI. [aleksihakli] ``` ### 5.0.10 ``` ------------------- - Refactor type checks for ``axes.helpers.get_client_cache_key`` for framework compatibility, fixes 471. [aleksihakli] ``` ### 5.0.9 ``` ------------------ - Add better handling for attempt and log resets by moving them into handlers which allows customization and more configurability. Unimplemented handlers raise ``NotImplementedError`` by default. [aleksihakli] - Add Python 3.8 dev version and PyPy to the Travis test matrix. [aleksihakli] ``` ### 5.0.8 ``` ------------------ - Add ``AXES_ONLY_ADMIN_SITE`` flag for only running Axes on admin site. [hramezani] - Add ``axes_reset_logs`` command for removing old AccessLog records. [tlebrize] - Allow ``AxesBackend`` subclasses to pass the ``axes.W003`` system check. [adamchainz] ``` ### 5.0.7 ``` ------------------ - Fix lockout message showing when lockout is disabled with the ``AXES_LOCK_OUT_AT_FAILURE`` setting. [mogzol] - Add support for callable ``AXES_FAILURE_LIMIT`` setting. [bbayles] ``` ### 5.0.6 ``` ------------------ - Deprecate ``AXES_DISABLE_SUCCESS_ACCESS_LOG`` flag in favour of ``AXES_DISABLE_ACCESS_LOG`` which has mostly the same functionality. Update documentation to better reflect the behaviour of the flag. [aleksihakli] ``` ### 5.0.5 ``` ------------------ - Change the lockout response calculation to request flagging instead of exception throwing in the signal handler and middleware. Move request attribute calculation from middleware to handler layer. Deprecate ``axes.request.AxesHttpRequest`` object type definition. [aleksihakli] - Deprecate the old version 4.x ``axes.backends.AxesModelBackend`` class. [aleksihakli] - Improve documentation on attempt tracking, resets, Axes customization, project and component compatibility and integrations, and other things. [aleksihakli] ``` ### 5.0.4 ``` ------------------ - Fix regression with OAuth2 authentication backends not having remote IP addresses set and throwing an exception in cache key calculation. [aleksihakli] ``` ### 5.0.3 ``` ------------------ - Fix ``django.contrib.auth`` module ``login`` and ``logout`` functionality so that they work with the handlers without the an ``AxesHttpRequest`` to improve cross compatibility with other Django applications. [aleksihakli] - Change IP address resolution to allow empty or missing addresses. [aleksihakli] - Add error logging for missing request attributes in the handler layer so that users get better indicators of misconfigured applications. [aleksihakli] ``` ### 5.0.2 ``` ------------------ - Add ``AXES_ENABLED`` setting for disabling Axes with e.g. tests that use Django test client ``login``, ``logout``, and ``force_login`` methods, which do not supply the ``request`` argument to views, preventing Axes from functioning correctly in certain test setups. [aleksihakli] ``` ### 5.0.1 ``` ------------------ - Add changelog to documentation. [aleksihakli] ``` ### 5.0 ``` ---------------- - Deprecate Python 2.7, 3.4 and 3.5 support. [aleksihakli] - Remove automatic decoration and monkey-patching of Django views and forms. Decorators are available for login function and method decoration as before. [aleksihakli] - Use backend, middleware, and signal handlers for tracking login attempts and implementing user lockouts. [aleksihakli, jorlugaqui, joshua-s] - Add ``AxesDatabaseHandler``, ``AxesCacheHandler``, and ``AxesDummyHandler`` handler backends for processing user login and logout events and failures. Handlers are configurable with the ``AXES_HANDLER`` setting. [aleksihakli, jorlugaqui, joshua-s] - Improve management commands and separate commands for resetting all access attempts, attempts by IP, and attempts by username. New command names are ``axes_reset``, ``axes_reset_ip`` and ``axes_reset_username``. [aleksihakli] - Add support for string import for ``AXES_USERNAME_CALLABLE`` that supports dotted paths in addition to the old callable type such as a function or a class method. [aleksihakli] - Deprecate one argument call signature for ``AXES_USERNAME_CALLABLE``. From now on, the callable needs to accept two arguments, the HttpRequest and credentials that are supplied to the Django ``authenticate`` method in authentication backends. [aleksihakli] - Move ``axes.attempts.is_already_locked`` function to ``axes.handlers.AxesProxyHandler.is_locked``. Various other previously undocumented methods have been deprecated and moved inside the project. The new documented public APIs can be considered as stable and can be safely utilized by other projects. [aleksihakli] - Improve documentation layouting and contents. Add public API reference section. [aleksihakli] ```
Links - PyPI: https://pypi.org/project/django-axes - Changelog: https://pyup.io/changelogs/django-axes/ - Repo: https://github.com/jazzband/django-axes
pyup-bot commented 5 years ago

Closing this in favor of #281