Changelog
### 5.7.1
```
------------------
- Adjust settings import and handling chain
for cleaner module import and invocation order.
[aleksihakli]
- Adjust the use of ``AXES_ENABLED`` flag so that
imports are always done the same way and initial log
is written regardless of the setting and it only affects
code that is decorated or wrapped with ``toggleable``.
[alekshakli]
```
### 5.7.0
```
------------------
- Deprecate ``AXES_LOGGER`` Axes setting and move to ``__name__``
based logging and fully qualified Python module name log identifiers.
[aleksihakli]
```
### 5.6.2
```
------------------
- Fix regression in ``axes_reset_user`` management command.
[aleksihakli]
```
### 5.6.1
```
------------------
- Improve test dependency management and upgrade black code formatter.
[smithdc1]
```
### 5.6.0
```
------------------
- Add proper development ``subTest`` support via ``pytest-subtests`` package.
[smithdc1]
- Deprecate ``django-appconf`` and use plain settings for Axes.
[aleksihakli]
```
### 5.5.2
```
------------------
- Update deprecating use of the ``request.is_ajax`` method.
[smithdc1]
```
### 5.5.1
```
------------------
- Update deprecated uses of Django modules and members.
[smithdc1]
```
### 5.5.0
```
------------------
- Add support for locking requests based on
username OR IP address with inclusive or
using the ``LOCK_OUT_BY_USER_OR_IP`` flag.
[PetrDlouhy]
- Deprecate Signal ``providing_args`` for Django 3.1 support.
[coredumperror]
```
### 5.4.3
```
------------------
- Add Django 3.1 support.
[hramezani]
```
### 5.4.2
```
------------------
- Add ABC or abstract base class implementation for handlers.
[jorlugaqui]
```
### 5.4.1
```
------------------
- Fix code styling for linters.
[aleksihakli]
```
### 5.4.0
```
------------------
- Propagate username to lockout view in URL parameters.
[PetrDlouhy]
- Update CAPTCHA examples.
[PetrDlouhy]
- Upgrade django-ipware to version 3.
[hramezani,mnislam01]
```
### 5.3.5
```
------------------
- Restrict ipware version for version compatibility.
[aleksihakli]
```
### 5.3.4
```
------------------
- Deprecate Django 1.11 LTS support.
[aleksihakli]
```
### 5.3.3
```
------------------
- Fix ``AXES_ONLY_ADMIN_SITE`` functionality when
no default admin site is defined in the URL configuration.
[igor-shevchenko]
```
### 5.3.2
```
------------------
- Fix AppConf settings prefix for Fargate.
[marksweb]
```
### 5.3.1
```
------------------
- Fix null byte ValueError bug in ORM.
[ddimmich]
```
### 5.3.0
```
------------------
- Improve Django REST Framework compatibility.
[I0x4dI]
```
### 5.2.2
```
------------------
- Add missing proxy implementation for
``axes.handlers.proxy.AxesProxyHandler.get_failures``.
[aleksihakli]
```
### 5.2.1
```
------------------
- Add django-reversion compatibility notes.
[mark-mishyn]
- Add pluggable lockout responses and the
``AXES_LOCKOUT_CALLABLE`` configuration flag.
[aleksihakli]
```
### 5.2.0
```
------------------
- Add a test handler.
[aidanlister]
```
### 5.1.0
```
------------------
- Add pluggable user account whitelisting and the
``AXES_WHITELIST_CALLABLE`` configuration flag.
[aleksihakli]
```
### 5.0.20
```
-------------------
- Fix django-allauth compatibility issue.
[hramezani]
- Improve tests for login attempt monitoring.
[hramezani]
- Add reverse proxy documentation.
[ckcollab]
- Update OAuth documentation examples.
[aleksihakli]
```
### 5.0.19
```
-------------------
- Optimize access attempt fetching in database handler.
[hramezani]
- Optimize request data fetching in proxy handler.
[hramezani]
```
### 5.0.18
```
-------------------
- Add ``cooloff_timedelta`` context variable to lockout responses.
[jstockwin]
```
### 5.0.17
```
-------------------
- Safer string formatting for user input.
[aleksihakli]
```
### 5.0.16
```
-------------------
- Fix string formatting bug in logging.
[zerolab]
```
### 5.0.15
```
-------------------
- Add ``AXES_ENABLE_ADMIN`` flag.
[flannelhead]
```
### 5.0.14
```
-------------------
- Docs, CI pipeline, and code formatting improvements
[aleksihakli]
```
### 5.0.13
```
-------------------
- Python 3.8 and PyPy support.
[aleksihakli]
- Migrate to ``setuptools_scm`` and automatic versioning.
[aleksihakli]
```
### 5.0.12
```
-------------------
- Support callables for ``AXES_COOLOFF_TIME`` setting.
[DariaPlotnikova]
```
### 5.0.11
```
-------------------
- Fix typo in rST formatting that prevented 5.0.10 release to PyPI.
[aleksihakli]
```
### 5.0.10
```
-------------------
- Refactor type checks for ``axes.helpers.get_client_cache_key``
for framework compatibility, fixes 471.
[aleksihakli]
```
### 5.0.9
```
------------------
- Add better handling for attempt and log resets by moving them
into handlers which allows customization and more configurability.
Unimplemented handlers raise ``NotImplementedError`` by default.
[aleksihakli]
- Add Python 3.8 dev version and PyPy to the Travis test matrix.
[aleksihakli]
```
### 5.0.8
```
------------------
- Add ``AXES_ONLY_ADMIN_SITE`` flag for only running Axes on admin site.
[hramezani]
- Add ``axes_reset_logs`` command for removing old AccessLog records.
[tlebrize]
- Allow ``AxesBackend`` subclasses to pass the ``axes.W003`` system check.
[adamchainz]
```
### 5.0.7
```
------------------
- Fix lockout message showing when lockout is disabled
with the ``AXES_LOCK_OUT_AT_FAILURE`` setting.
[mogzol]
- Add support for callable ``AXES_FAILURE_LIMIT`` setting.
[bbayles]
```
### 5.0.6
```
------------------
- Deprecate ``AXES_DISABLE_SUCCESS_ACCESS_LOG`` flag in favour of
``AXES_DISABLE_ACCESS_LOG`` which has mostly the same functionality.
Update documentation to better reflect the behaviour of the flag.
[aleksihakli]
```
### 5.0.5
```
------------------
- Change the lockout response calculation to request flagging
instead of exception throwing in the signal handler and middleware.
Move request attribute calculation from middleware to handler layer.
Deprecate ``axes.request.AxesHttpRequest`` object type definition.
[aleksihakli]
- Deprecate the old version 4.x ``axes.backends.AxesModelBackend`` class.
[aleksihakli]
- Improve documentation on attempt tracking, resets, Axes customization,
project and component compatibility and integrations, and other things.
[aleksihakli]
```
### 5.0.4
```
------------------
- Fix regression with OAuth2 authentication backends not having remote
IP addresses set and throwing an exception in cache key calculation.
[aleksihakli]
```
### 5.0.3
```
------------------
- Fix ``django.contrib.auth`` module ``login`` and ``logout`` functionality
so that they work with the handlers without the an ``AxesHttpRequest``
to improve cross compatibility with other Django applications.
[aleksihakli]
- Change IP address resolution to allow empty or missing addresses.
[aleksihakli]
- Add error logging for missing request attributes in the handler layer
so that users get better indicators of misconfigured applications.
[aleksihakli]
```
### 5.0.2
```
------------------
- Add ``AXES_ENABLED`` setting for disabling Axes with e.g. tests
that use Django test client ``login``, ``logout``, and ``force_login``
methods, which do not supply the ``request`` argument to views,
preventing Axes from functioning correctly in certain test setups.
[aleksihakli]
```
### 5.0.1
```
------------------
- Add changelog to documentation.
[aleksihakli]
```
### 5.0
```
----------------
- Deprecate Python 2.7, 3.4 and 3.5 support.
[aleksihakli]
- Remove automatic decoration and monkey-patching of Django views and forms.
Decorators are available for login function and method decoration as before.
[aleksihakli]
- Use backend, middleware, and signal handlers for tracking
login attempts and implementing user lockouts.
[aleksihakli, jorlugaqui, joshua-s]
- Add ``AxesDatabaseHandler``, ``AxesCacheHandler``, and ``AxesDummyHandler``
handler backends for processing user login and logout events and failures.
Handlers are configurable with the ``AXES_HANDLER`` setting.
[aleksihakli, jorlugaqui, joshua-s]
- Improve management commands and separate commands for resetting
all access attempts, attempts by IP, and attempts by username.
New command names are ``axes_reset``, ``axes_reset_ip`` and ``axes_reset_username``.
[aleksihakli]
- Add support for string import for ``AXES_USERNAME_CALLABLE``
that supports dotted paths in addition to the old
callable type such as a function or a class method.
[aleksihakli]
- Deprecate one argument call signature for ``AXES_USERNAME_CALLABLE``.
From now on, the callable needs to accept two arguments,
the HttpRequest and credentials that are supplied to the
Django ``authenticate`` method in authentication backends.
[aleksihakli]
- Move ``axes.attempts.is_already_locked`` function to ``axes.handlers.AxesProxyHandler.is_locked``.
Various other previously undocumented methods have been deprecated and moved inside the project.
The new documented public APIs can be considered as stable and can be safely utilized by other projects.
[aleksihakli]
- Improve documentation layouting and contents. Add public API reference section.
[aleksihakli]
```
Links
- PyPI: https://pypi.org/project/django-axes
- Changelog: https://pyup.io/changelogs/django-axes/
- Repo: https://github.com/jazzband/django-axes
This PR updates django-axes from 4.5.4 to 5.7.1.
Changelog
### 5.7.1 ``` ------------------ - Adjust settings import and handling chain for cleaner module import and invocation order. [aleksihakli] - Adjust the use of ``AXES_ENABLED`` flag so that imports are always done the same way and initial log is written regardless of the setting and it only affects code that is decorated or wrapped with ``toggleable``. [alekshakli] ``` ### 5.7.0 ``` ------------------ - Deprecate ``AXES_LOGGER`` Axes setting and move to ``__name__`` based logging and fully qualified Python module name log identifiers. [aleksihakli] ``` ### 5.6.2 ``` ------------------ - Fix regression in ``axes_reset_user`` management command. [aleksihakli] ``` ### 5.6.1 ``` ------------------ - Improve test dependency management and upgrade black code formatter. [smithdc1] ``` ### 5.6.0 ``` ------------------ - Add proper development ``subTest`` support via ``pytest-subtests`` package. [smithdc1] - Deprecate ``django-appconf`` and use plain settings for Axes. [aleksihakli] ``` ### 5.5.2 ``` ------------------ - Update deprecating use of the ``request.is_ajax`` method. [smithdc1] ``` ### 5.5.1 ``` ------------------ - Update deprecated uses of Django modules and members. [smithdc1] ``` ### 5.5.0 ``` ------------------ - Add support for locking requests based on username OR IP address with inclusive or using the ``LOCK_OUT_BY_USER_OR_IP`` flag. [PetrDlouhy] - Deprecate Signal ``providing_args`` for Django 3.1 support. [coredumperror] ``` ### 5.4.3 ``` ------------------ - Add Django 3.1 support. [hramezani] ``` ### 5.4.2 ``` ------------------ - Add ABC or abstract base class implementation for handlers. [jorlugaqui] ``` ### 5.4.1 ``` ------------------ - Fix code styling for linters. [aleksihakli] ``` ### 5.4.0 ``` ------------------ - Propagate username to lockout view in URL parameters. [PetrDlouhy] - Update CAPTCHA examples. [PetrDlouhy] - Upgrade django-ipware to version 3. [hramezani,mnislam01] ``` ### 5.3.5 ``` ------------------ - Restrict ipware version for version compatibility. [aleksihakli] ``` ### 5.3.4 ``` ------------------ - Deprecate Django 1.11 LTS support. [aleksihakli] ``` ### 5.3.3 ``` ------------------ - Fix ``AXES_ONLY_ADMIN_SITE`` functionality when no default admin site is defined in the URL configuration. [igor-shevchenko] ``` ### 5.3.2 ``` ------------------ - Fix AppConf settings prefix for Fargate. [marksweb] ``` ### 5.3.1 ``` ------------------ - Fix null byte ValueError bug in ORM. [ddimmich] ``` ### 5.3.0 ``` ------------------ - Improve Django REST Framework compatibility. [I0x4dI] ``` ### 5.2.2 ``` ------------------ - Add missing proxy implementation for ``axes.handlers.proxy.AxesProxyHandler.get_failures``. [aleksihakli] ``` ### 5.2.1 ``` ------------------ - Add django-reversion compatibility notes. [mark-mishyn] - Add pluggable lockout responses and the ``AXES_LOCKOUT_CALLABLE`` configuration flag. [aleksihakli] ``` ### 5.2.0 ``` ------------------ - Add a test handler. [aidanlister] ``` ### 5.1.0 ``` ------------------ - Add pluggable user account whitelisting and the ``AXES_WHITELIST_CALLABLE`` configuration flag. [aleksihakli] ``` ### 5.0.20 ``` ------------------- - Fix django-allauth compatibility issue. [hramezani] - Improve tests for login attempt monitoring. [hramezani] - Add reverse proxy documentation. [ckcollab] - Update OAuth documentation examples. [aleksihakli] ``` ### 5.0.19 ``` ------------------- - Optimize access attempt fetching in database handler. [hramezani] - Optimize request data fetching in proxy handler. [hramezani] ``` ### 5.0.18 ``` ------------------- - Add ``cooloff_timedelta`` context variable to lockout responses. [jstockwin] ``` ### 5.0.17 ``` ------------------- - Safer string formatting for user input. [aleksihakli] ``` ### 5.0.16 ``` ------------------- - Fix string formatting bug in logging. [zerolab] ``` ### 5.0.15 ``` ------------------- - Add ``AXES_ENABLE_ADMIN`` flag. [flannelhead] ``` ### 5.0.14 ``` ------------------- - Docs, CI pipeline, and code formatting improvements [aleksihakli] ``` ### 5.0.13 ``` ------------------- - Python 3.8 and PyPy support. [aleksihakli] - Migrate to ``setuptools_scm`` and automatic versioning. [aleksihakli] ``` ### 5.0.12 ``` ------------------- - Support callables for ``AXES_COOLOFF_TIME`` setting. [DariaPlotnikova] ``` ### 5.0.11 ``` ------------------- - Fix typo in rST formatting that prevented 5.0.10 release to PyPI. [aleksihakli] ``` ### 5.0.10 ``` ------------------- - Refactor type checks for ``axes.helpers.get_client_cache_key`` for framework compatibility, fixes 471. [aleksihakli] ``` ### 5.0.9 ``` ------------------ - Add better handling for attempt and log resets by moving them into handlers which allows customization and more configurability. Unimplemented handlers raise ``NotImplementedError`` by default. [aleksihakli] - Add Python 3.8 dev version and PyPy to the Travis test matrix. [aleksihakli] ``` ### 5.0.8 ``` ------------------ - Add ``AXES_ONLY_ADMIN_SITE`` flag for only running Axes on admin site. [hramezani] - Add ``axes_reset_logs`` command for removing old AccessLog records. [tlebrize] - Allow ``AxesBackend`` subclasses to pass the ``axes.W003`` system check. [adamchainz] ``` ### 5.0.7 ``` ------------------ - Fix lockout message showing when lockout is disabled with the ``AXES_LOCK_OUT_AT_FAILURE`` setting. [mogzol] - Add support for callable ``AXES_FAILURE_LIMIT`` setting. [bbayles] ``` ### 5.0.6 ``` ------------------ - Deprecate ``AXES_DISABLE_SUCCESS_ACCESS_LOG`` flag in favour of ``AXES_DISABLE_ACCESS_LOG`` which has mostly the same functionality. Update documentation to better reflect the behaviour of the flag. [aleksihakli] ``` ### 5.0.5 ``` ------------------ - Change the lockout response calculation to request flagging instead of exception throwing in the signal handler and middleware. Move request attribute calculation from middleware to handler layer. Deprecate ``axes.request.AxesHttpRequest`` object type definition. [aleksihakli] - Deprecate the old version 4.x ``axes.backends.AxesModelBackend`` class. [aleksihakli] - Improve documentation on attempt tracking, resets, Axes customization, project and component compatibility and integrations, and other things. [aleksihakli] ``` ### 5.0.4 ``` ------------------ - Fix regression with OAuth2 authentication backends not having remote IP addresses set and throwing an exception in cache key calculation. [aleksihakli] ``` ### 5.0.3 ``` ------------------ - Fix ``django.contrib.auth`` module ``login`` and ``logout`` functionality so that they work with the handlers without the an ``AxesHttpRequest`` to improve cross compatibility with other Django applications. [aleksihakli] - Change IP address resolution to allow empty or missing addresses. [aleksihakli] - Add error logging for missing request attributes in the handler layer so that users get better indicators of misconfigured applications. [aleksihakli] ``` ### 5.0.2 ``` ------------------ - Add ``AXES_ENABLED`` setting for disabling Axes with e.g. tests that use Django test client ``login``, ``logout``, and ``force_login`` methods, which do not supply the ``request`` argument to views, preventing Axes from functioning correctly in certain test setups. [aleksihakli] ``` ### 5.0.1 ``` ------------------ - Add changelog to documentation. [aleksihakli] ``` ### 5.0 ``` ---------------- - Deprecate Python 2.7, 3.4 and 3.5 support. [aleksihakli] - Remove automatic decoration and monkey-patching of Django views and forms. Decorators are available for login function and method decoration as before. [aleksihakli] - Use backend, middleware, and signal handlers for tracking login attempts and implementing user lockouts. [aleksihakli, jorlugaqui, joshua-s] - Add ``AxesDatabaseHandler``, ``AxesCacheHandler``, and ``AxesDummyHandler`` handler backends for processing user login and logout events and failures. Handlers are configurable with the ``AXES_HANDLER`` setting. [aleksihakli, jorlugaqui, joshua-s] - Improve management commands and separate commands for resetting all access attempts, attempts by IP, and attempts by username. New command names are ``axes_reset``, ``axes_reset_ip`` and ``axes_reset_username``. [aleksihakli] - Add support for string import for ``AXES_USERNAME_CALLABLE`` that supports dotted paths in addition to the old callable type such as a function or a class method. [aleksihakli] - Deprecate one argument call signature for ``AXES_USERNAME_CALLABLE``. From now on, the callable needs to accept two arguments, the HttpRequest and credentials that are supplied to the Django ``authenticate`` method in authentication backends. [aleksihakli] - Move ``axes.attempts.is_already_locked`` function to ``axes.handlers.AxesProxyHandler.is_locked``. Various other previously undocumented methods have been deprecated and moved inside the project. The new documented public APIs can be considered as stable and can be safely utilized by other projects. [aleksihakli] - Improve documentation layouting and contents. Add public API reference section. [aleksihakli] ```Links
- PyPI: https://pypi.org/project/django-axes - Changelog: https://pyup.io/changelogs/django-axes/ - Repo: https://github.com/jazzband/django-axes