def authenticate(self, username=None, password=None, **kwargs):
    """Authenticate via the parent backend, refusing locked usernames.

    Returns None without consulting the parent backend when a username
    was supplied and ``locked_username`` reports it as locked. Otherwise
    expired accounts are disabled first, and the parent backend's result
    is returned unchanged.

    NOTE(review): returning None only means "this backend did not
    authenticate"; if other backends are listed after this one in
    AUTHENTICATION_BACKENDS they would presumably still be tried for a
    locked username. Confirm the backend configuration.
    NOTE(review): no LoginAttempt is recorded here, so failures that
    reach this backend outside the login form do not appear to count
    towards lockout. Verify against callers.
    """
    # A falsy username skips the lock check and falls through to the
    # parent backend, which decides what to do without a username.
    is_locked = bool(username) and locked_username(username)
    if is_locked:
        return None

    # Expire accounts before the credential check so the parent backend
    # sees an up-to-date account state.
    disable_expired_users()
    parent_backend = super(StrictModelBackend, self)
    return parent_backend.authenticate(
        username=username, password=password, **kwargs)
def changelist_view(self, request, extra_context=None):
    """Render the user change list after expiring stale accounts.

    Expired users are disabled first so that the 'is_active' column
    accurately represents each user's state when the list is displayed.
    The request and extra_context are passed through to the parent
    admin view unchanged.
    """
    disable_expired_users()
    parent_admin = super(StrictUserAdmin, self)
    return parent_admin.changelist_view(request, extra_context)
def clean(self):
    """Validate the login form and record the attempt for lockout tracking.

    Every submission that carries a username or a password is stored as a
    LoginAttempt. Failures are saved with ``lockout=True``; a success is
    saved with ``lockout=False`` and clears the ``lockout`` flag on
    earlier rows for the same username and the same source address.

    Returns:
        ``self.cleaned_data``.

    Raises:
        forms.ValidationError: with code 'username_locked_out',
            'address_locked_out', 'invalid_login' or 'inactive'.
    """
    username = self.cleaned_data.get('username')
    password = self.cleaned_data.get('password')
    # NOTE(review): REMOTE_ADDR is whatever the server reports as the
    # peer; behind a reverse proxy this is presumably the proxy address,
    # which would make the address lockout apply to every client at
    # once. Confirm the deployment.
    remote_addr = self.request.META['REMOTE_ADDR']
    # NOTE(review): the username is client-supplied and logged as-is;
    # log consumers should tolerate control characters, and the field
    # may occasionally contain a mistyped password.
    logger.info('Authentication attempt, username=%s, address=%s',
                username, remote_addr)

    # Nothing submitted at all: not recorded as an attempt.
    if not (username or password):
        return self.cleaned_data

    # Built pessimistically: unless the success path below flips the
    # flags, the row is stored as a failed attempt with lockout set.
    attempt = LoginAttempt(
        username=username,
        source_address=remote_addr,
        hostname=self.request.get_host()[:100],
        successful=False,
        lockout=True)

    def record_failure(log_format, *log_args):
        # Log first, then persist, matching the order on every failure.
        logger.warning(log_format, *log_args)
        attempt.save()

    if not username:
        record_failure(
            u'Authentication failure, address=%s, no username supplied.',
            remote_addr)
        return self.cleaned_data

    if not password:
        record_failure(
            u'Authentication failure, username=%s, address=%s, '
            u'no password supplied.',
            username, remote_addr)
        return self.cleaned_data

    # Lock checks run before the credential check, so a locked username
    # or address never reaches authenticate(). The rejected attempt is
    # itself saved with lockout=True.
    if locked_username(username):
        record_failure(
            u'Authentication failure, username=%s, address=%s, '
            u'username locked',
            username, remote_addr)
        raise forms.ValidationError(
            self.error_messages['username_locked_out'],
            'username_locked_out')

    if locked_remote_addr(remote_addr):
        record_failure(
            u'Authentication failure, username=%s, address=%s, '
            u'address locked',
            username, remote_addr)
        raise forms.ValidationError(
            self.error_messages['address_locked_out'],
            'address_locked_out')

    disable_expired_users()
    self.user_cache = authenticate(username=username, password=password)

    if self.user_cache is None:
        record_failure(
            u'Authentication failure, username=%s, address=%s, '
            u'invalid authentication.',
            username, remote_addr)
        field_label = {'username': self.username_field.verbose_name}
        raise forms.ValidationError(
            self.error_messages['invalid_login'] % field_label,
            code='invalid_login')

    if not self.user_cache.is_active:
        record_failure(
            u'Authentication failure, username=%s, address=%s, '
            u'user inactive.',
            username, remote_addr)
        raise forms.ValidationError(
            self.error_messages['inactive'], code='inactive')

    # Authentication was successful
    logger.info(u'Authentication success, username=%s, address=%s',
                username, remote_addr)
    attempt.successful = True
    attempt.lockout = False
    attempt.user = self.user_cache
    attempt.save()

    # Reset lockout counts for IP address and username.
    # NOTE(review): the address reset is not limited to this username,
    # so one successful login clears outstanding failures recorded from
    # this address against other usernames as well; likewise the
    # username reset covers every source address. Confirm this is the
    # intended policy.
    pending = LoginAttempt.objects
    pending.filter(username=username, lockout=True).update(lockout=False)
    pending.filter(source_address=remote_addr,
                   lockout=True).update(lockout=False)
    return self.cleaned_data
def clean(self):
    """Check the submitted credentials, logging and storing each attempt.

    An attempt row is created as soon as a username or password is
    present and is saved on every exit path after that point: as a
    failure with ``lockout=True``, or as a success with ``lockout=False``
    and the authenticated user attached. A success also clears the
    ``lockout`` flag on stored rows matching the username and on rows
    matching the source address.

    Returns:
        ``self.cleaned_data``.

    Raises:
        forms.ValidationError: when the username or address is locked
            out, the credentials are rejected, or the user is inactive.
    """
    login_name = self.cleaned_data.get('username')
    secret = self.cleaned_data.get('password')
    # NOTE(review): taken straight from the WSGI environ; if a proxy
    # fronts the site this is presumably the proxy, not the client.
    # Verify before relying on per-address lockout.
    client_addr = self.request.META['REMOTE_ADDR']
    # Shared positional arguments for the username/address log lines.
    # NOTE(review): login_name is untrusted input written to the log
    # unmodified.
    who = (login_name, client_addr)

    logger.info('Authentication attempt, username=%s, address=%s', *who)

    if not login_name and not secret:
        # Empty submission: returned without storing an attempt.
        return self.cleaned_data

    # Defaults describe a failure; only the success path changes them.
    record = LoginAttempt(
        username=login_name,
        source_address=client_addr,
        hostname=self.request.get_host()[:100],
        successful=False,
        lockout=True,
    )

    if not login_name:
        logger.warning(
            u'Authentication failure, address=%s, no username supplied.',
            client_addr)
        record.save()
        return self.cleaned_data

    if not secret:
        logger.warning(
            u'Authentication failure, username=%s, address=%s, '
            u'no password supplied.', *who)
        record.save()
        return self.cleaned_data

    # Username lock is evaluated before the address lock, and both
    # before any password verification takes place.
    if locked_username(login_name):
        logger.warning(
            u'Authentication failure, username=%s, address=%s, '
            u'username locked', *who)
        record.save()
        raise forms.ValidationError(
            self.error_messages['username_locked_out'],
            'username_locked_out')

    if locked_remote_addr(client_addr):
        logger.warning(
            u'Authentication failure, username=%s, address=%s, '
            u'address locked', *who)
        record.save()
        raise forms.ValidationError(
            self.error_messages['address_locked_out'],
            'address_locked_out')

    # Expire accounts first so the backend and the is_active check
    # below work from current account state.
    disable_expired_users()
    self.user_cache = authenticate(username=login_name, password=secret)
    account = self.user_cache

    if account is None:
        logger.warning(
            u'Authentication failure, username=%s, address=%s, '
            u'invalid authentication.', *who)
        record.save()
        raise forms.ValidationError(
            self.error_messages['invalid_login'] % {
                'username': self.username_field.verbose_name},
            code='invalid_login')

    if not account.is_active:
        logger.warning(
            u'Authentication failure, username=%s, address=%s, '
            u'user inactive.', *who)
        record.save()
        raise forms.ValidationError(
            self.error_messages['inactive'], code='inactive')

    # Authentication was successful
    logger.info(u'Authentication success, username=%s, address=%s', *who)
    record.successful = True
    record.lockout = False
    record.user = account
    record.save()

    # Reset lockout counts for the username, then for the IP address.
    # NOTE(review): each reset matches on one key only, so a success
    # clears failures for this username from any address and failures
    # from this address against any username. Confirm that scope is
    # intended.
    for scope in ({'username': login_name},
                  {'source_address': client_addr}):
        LoginAttempt.objects.filter(
            lockout=True, **scope).update(lockout=False)
    return self.cleaned_data