Beispiel #1
def notify_account_activity(user, request, activity, **kwargs):
    """Record an account activity, notify the user and enforce login lockout.

    Every call creates an audit entry that carries the address returned by
    ``get_ip_address(request)``. If the entry asks for it, an
    ``account_activity`` e-mail is sent to the user. For ``failed-auth``
    events on accounts that still have a usable password, the failures
    recorded since the latest ``login`` entry are counted, and the password
    is made unusable once ``settings.AUTH_LOCK_ATTEMPTS`` is reached.
    """
    client_ip = get_ip_address(request)
    entry = AuditLog.objects.create(user, activity, client_ip, **kwargs)

    if entry.should_notify():
        send_notification_email(
            user.profile.language,
            user.email,
            'account_activity',
            context={'message': entry.get_message()},
            info='{0} from {1}'.format(activity, client_ip),
        )

    # Only a failed login on an account that is not locked yet can trigger
    # the lock; the recursive 'locked' call below therefore stops here.
    if activity != 'failed-auth' or not user.has_usable_password():
        return

    # Restrict the count to failures since the last login entry; with no
    # login entry on record every failure counts.
    # NOTE(review): [0] relies on AuditLog's default ordering being newest
    # first - confirm against the model.
    window = {}
    try:
        last_login = AuditLog.objects.filter(user=user, activity='login')[0]
        window['timestamp__gte'] = last_login.timestamp
    except IndexError:
        pass

    # The filter is per account, not per address: failures from any client
    # add up towards the same lock.
    failed = AuditLog.objects.filter(
        user=user, activity='failed-auth', **window
    )
    if failed.count() < settings.AUTH_LOCK_ATTEMPTS:
        return

    user.set_unusable_password()
    user.save(update_fields=['password'])
    notify_account_activity(user, request, 'locked')
Beispiel #2
def notify_account_activity(user, request, activity, **kwargs):
    """Record an account activity, notify the user and apply rate limits.

    Returns True when the activity should be rate limited, False otherwise.
    The audit entry is written (and the notification sent, if the entry asks
    for one) before the limit is evaluated, so a rate-limited call is still
    logged.
    """
    client_ip = get_ip_address(request)
    entry = AuditLog.objects.create(user, activity, client_ip, **kwargs)

    if entry.should_notify():
        # get_or_create returns (object, created); only the profile is used.
        profile, _created = Profile.objects.get_or_create(user=user)
        send_notification_email(
            profile.language,
            user.email,
            'account_activity',
            context={'message': entry.get_message()},
            info='{0} from {1}'.format(activity, client_ip),
        )

    if activity == 'failed-auth' and user.has_usable_password():
        # NOTE(review): get_after presumably selects 'failed-auth' entries
        # newer than the latest 'login' entry - confirm in the manager.
        recent = AuditLog.objects.get_after(user, 'login', 'failed-auth')
        if recent.count() >= settings.AUTH_LOCK_ATTEMPTS:
            # Lock the account by discarding the password, then log and
            # announce the lock; 'locked' matches neither branch here, so
            # the recursion ends after one level.
            user.set_unusable_password()
            user.save(update_fields=['password'])
            notify_account_activity(user, request, 'locked')
            return True
        return False

    if activity == 'reset-request':
        # Password reset requests share the same threshold, but nothing is
        # locked here: the caller has to act on the return value.
        recent = AuditLog.objects.get_after(user, 'login', 'reset-request')
        if recent.count() >= settings.AUTH_LOCK_ATTEMPTS:
            return True

    return False
Beispiel #3
def notify_account_activity(user, request, activity, **kwargs):
    """Log an account event, e-mail the user about it and lock on failures.

    The audit entry stores the address returned by
    ``get_ip_address(request)``. A ``failed-auth`` event on an account with a
    usable password triggers a count of the failures logged since the latest
    ``login`` entry; at ``settings.AUTH_LOCK_ATTEMPTS`` or more the password
    is made unusable and a ``locked`` event is recorded.
    """
    source_address = get_ip_address(request)
    log_entry = AuditLog.objects.create(
        user, activity, source_address, **kwargs
    )

    if log_entry.should_notify():
        summary = '{0} from {1}'.format(activity, source_address)
        send_notification_email(
            user.profile.language,
            user.email,
            'account_activity',
            context={'message': log_entry.get_message()},
            info=summary,
        )

    # Login rate limiting: applies only while the account can still log in
    # with a password, so an already locked account is not locked again.
    lockable = activity == 'failed-auth' and user.has_usable_password()
    if lockable:
        # Lower bound for the failure count; stays empty when the account has
        # no login entry, in which case all failures are counted.
        # NOTE(review): indexing with [0] assumes the default queryset
        # ordering puts the newest entry first - verify on the model.
        since = {}
        try:
            newest_login = AuditLog.objects.filter(
                user=user, activity='login'
            )[0]
            since['timestamp__gte'] = newest_login.timestamp
        except IndexError:
            pass

        # Counted per account regardless of the originating address.
        attempts = AuditLog.objects.filter(
            user=user, activity='failed-auth', **since
        )
        if attempts.count() >= settings.AUTH_LOCK_ATTEMPTS:
            user.set_unusable_password()
            user.save(update_fields=['password'])
            notify_account_activity(user, request, 'locked')
Beispiel #4
def notify_account_activity(user, request, activity, **kwargs):
    """Send the account-activity e-mail for *activity* to *user*.

    The message text comes from the ``ACCOUNT_ACTIVITY`` entry for the
    activity, formatted with the extra keyword arguments; an activity without
    an entry raises from the lookup. The keyword arguments plus the rendered
    ``message`` form the e-mail context.
    """
    # The keyword values are only ever format arguments; the template itself
    # is taken from ACCOUNT_ACTIVITY, never from the caller.
    template = ACCOUNT_ACTIVITY[activity]
    mail_context = dict(kwargs)
    mail_context['message'] = template.format(**kwargs)

    send_notification_email(
        user.profile.language,
        user.email,
        'account_activity',
        context=mail_context,
        info='{0} from {1}'.format(activity, get_ip_address(request)),
    )
Beispiel #5
def is_spam(text, request):
    """Check *text* for spam through Akismet when an API key is configured.

    Returns the result of ``Akismet.comment_check``; without
    ``settings.AKISMET_API_KEY`` no check is made and False is returned, so
    an unconfigured site treats every text as clean.
    """
    if not settings.AKISMET_API_KEY:
        return False

    # Imported here so the akismet package is only required once a key is set.
    from akismet import Akismet

    checker = Akismet(settings.AKISMET_API_KEY, get_site_url())

    # The submitted text is handed to the Akismet client together with the
    # client address and the User-Agent header.
    # NOTE(review): presumably all three leave the site for the Akismet
    # service - confirm this is covered by the privacy policy.
    client_ip = get_ip_address(request)
    user_agent = request.META.get('HTTP_USER_AGENT', '')
    return checker.comment_check(
        client_ip,
        user_agent,
        comment_content=text,
        comment_type='comment'
    )
Beispiel #6
 def test_get_ip_proxy(self):
     """get_ip_address reports 7.8.9.0 for a FakeRequest in the proxy case."""
     # NOTE(review): nothing in this method enables proxy handling; presumably
     # a decorator or fixture outside this excerpt does - confirm, since the
     # reported address feeds audit logs and lockout notices.
     fake = FakeRequest()
     expected = '7.8.9.0'
     self.assertEqual(get_ip_address(fake), expected)
Beispiel #7
 def test_get_ip(self):
     """get_ip_address reports 1.2.3.4 for a plain FakeRequest."""
     # NOTE(review): presumably 1.2.3.4 is the direct peer address stored on
     # FakeRequest - confirm against the fixture.
     fake = FakeRequest()
     expected = '1.2.3.4'
     self.assertEqual(get_ip_address(fake), expected)
Beispiel #8
 def test_get_ip_proxy(self):
     """The proxy scenario must resolve the FakeRequest address to 7.8.9.0."""
     # NOTE(review): the proxy setup is not visible in this method; presumably
     # it is applied around the test (settings override) - confirm.
     stub_request = FakeRequest()
     resolved = get_ip_address(stub_request)
     self.assertEqual(resolved, '7.8.9.0')
Beispiel #9
 def test_get_ip(self):
     """Without proxy handling the FakeRequest address resolves to 1.2.3.4."""
     # NOTE(review): assumes FakeRequest carries 1.2.3.4 as its own remote
     # address - verify in the fixture definition.
     stub_request = FakeRequest()
     resolved = get_ip_address(stub_request)
     self.assertEqual(resolved, '1.2.3.4')