Added django-axes for failed login monitoring.

This commit is contained in:
Josh W 2020-02-16 13:27:49 -05:00
parent 50242e4c2e
commit 2b3b21c6d8
2 changed files with 31 additions and 0 deletions

View file

@ -3,9 +3,12 @@ asgiref>=3.2.3
cffi>=1.13.2 cffi>=1.13.2
dj-database-url>=0.5.0 dj-database-url>=0.5.0
Django>=3.0.2 Django>=3.0.2
django-appconf>=1.0.3
django-axes>=5.2.2
django-debreach>=2.0.1 django-debreach>=2.0.1
django-dynamic-preferences>=1.8.1 django-dynamic-preferences>=1.8.1
django-inline-actions>=2.3.0 django-inline-actions>=2.3.0
django-ipware==2.1.0
djangorestframework>=3.11.0 djangorestframework>=3.11.0
persisting-theory>=0.2.1 persisting-theory>=0.2.1
psycopg2-binary>=2.8.4 psycopg2-binary>=2.8.4

View file

@ -2,6 +2,7 @@
Django settings file. Django settings file.
''' '''
import datetime
import os import os
from decouple import config, Csv from decouple import config, Csv
@ -38,6 +39,11 @@ AUTH_PASSWORD_VALIDATORS = [
AUTH_USER_MODEL = 'core.RadioUser' AUTH_USER_MODEL = 'core.RadioUser'
AUTHENTICATION_BACKENDS = [
'axes.backends.AxesBackend',
'django.contrib.auth.backends.ModelBackend',
]
DATABASES = { DATABASES = {
'default': config( 'default': config(
'DATABASE_URL', 'DATABASE_URL',
@ -57,6 +63,7 @@ INSTALLED_APPS = [
'django.contrib.messages', 'django.contrib.messages',
'django.contrib.staticfiles', 'django.contrib.staticfiles',
'axes',
'dynamic_preferences', 'dynamic_preferences',
'rest_framework', 'rest_framework',
'rest_framework.authtoken', 'rest_framework.authtoken',
@ -78,6 +85,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'axes.middleware.AxesMiddleware',
] ]
PASSWORD_HASHERS = [ PASSWORD_HASHERS = [
@ -124,6 +132,26 @@ USE_TZ = True
WSGI_APPLICATION = 'savepointradio.wsgi.application' WSGI_APPLICATION = 'savepointradio.wsgi.application'
#
# Django-Axes settings
#
AXES_COOLOFF_TIME = datetime.timedelta(minutes=15)
AXES_ENABLED = True
AXES_FAILURE_LIMIT = 5
AXES_LOCK_OUT_AT_FAILURE = True
AXES_META_PRECEDENCE_ORDER = [
'HTTP_X_FORWARDED_FOR',
'HTTP_X_REAL_IP',
'REMOTE_ADDR',
]
AXES_PROXY_COUNT = 1
# #
# Django Rest Framework settings # Django Rest Framework settings
# #