Add django-axes package with custom serializer

2025-02-06 21:20:32 +03:00 · 2019-07-03 11:09:15 -04:00 · 2019-07-03 11:09:15 -04:00 · 3e8a7e308c
commit 3e8a7e308c
parent f0b96a8aa7
10 changed files with 64 additions and 4 deletions
--- a/demo/demo/settings.py
+++ b/demo/demo/settings.py
@ -31,7 +31,7 @@ INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
-    # 'django.contrib.messages',
+    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.sites',

@ -39,12 +39,15 @@ INSTALLED_APPS = (
    'rest_framework.authtoken',
    'rest_auth',

+
    'allauth',
    'allauth.account',
    'rest_auth.registration',
    'allauth.socialaccount',
    'allauth.socialaccount.providers.facebook',
    'rest_framework_swagger',
+
+    'axes',
 )

 MIDDLEWARE = (
@ -54,10 +57,9 @@ MIDDLEWARE = (
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
-)

-# For backwards compatibility for Django 1.8
-MIDDLEWARE_CLASSES = MIDDLEWARE
+    'axes.middleware.AxesMiddleware',
+)

 ROOT_URLCONF = 'demo.urls'

@ -127,3 +129,27 @@ SWAGGER_SETTINGS = {
    'LOGIN_URL': 'login',
    'LOGOUT_URL': 'logout',
 }
+
+AUTHENTICATION_BACKENDS = [
+
+    # AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.
+    'axes.backends.AxesBackend',
+
+    # Required for rest-auth when using Axes to prevent 'Unable to log in with provided credentials.'
+    'allauth.account.auth_backends.AuthenticationBackend',
+
+    # Django ModelBackend is the default authentication backend.
+    'django.contrib.auth.backends.ModelBackend',
+]
+
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
+        'LOCATION': 'django_database_cache',
+    }
+}
+
+REST_AUTH_SERIALIZERS = {
+    'LOGIN_SERIALIZER': 'myapp.serializers.RestAuthLoginSerializer',
+    # 'TOKEN_SERIALIZER': 'path.to.custom.TokenSerializer',
+}
--- a/demo/myapp/init.py
+++ b/demo/myapp/init.py
--- a/demo/myapp/admin.py
+++ b/demo/myapp/admin.py
@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/demo/myapp/apps.py
+++ b/demo/myapp/apps.py
@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class MyappConfig(AppConfig):
+    name = 'myapp'
--- a/demo/myapp/migrations/init.py
+++ b/demo/myapp/migrations/init.py
--- a/demo/myapp/models.py
+++ b/demo/myapp/models.py
@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
--- a/demo/myapp/serializers.py
+++ b/demo/myapp/serializers.py
@ -0,0 +1,16 @@
+from axes.helpers import get_lockout_message
+from rest_auth import serializers
+from rest_auth.serializers import LoginSerializer
+from rest_framework import exceptions
+
+
+# noinspection PyAbstractClass
+class RestAuthLoginSerializer(LoginSerializer):
+
+    def validate(self, attrs):
+        try:
+            attrs = super().validate(attrs)
+        except exceptions.ValidationError:
+            if getattr(self.context['request'], 'axes_locked_out', None):
+                raise serializers.ValidationError(get_lockout_message())
+        return attrs
--- a/demo/myapp/tests.py
+++ b/demo/myapp/tests.py
@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/demo/myapp/views.py
+++ b/demo/myapp/views.py
@ -0,0 +1,3 @@
+from django.shortcuts import render
+
+# Create your views here.
--- a/demo/requirements.txt
+++ b/demo/requirements.txt
@ -4,3 +4,4 @@ djangorestframework>=3.9.4
 django-allauth>=0.39.1
 six==1.12.0
 django-rest-swagger==2.2.0
+django-axes==5.0.7