Skip to content
This repository has been archived by the owner on Mar 15, 2021. It is now read-only.

Update django-axes to 5.13.1 #414

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

pyup-bot
Copy link
Contributor

This PR updates django-axes from 4.5.4 to 5.13.1.

Changelog

5.13.1

-------------------

- Default ``AXES_VERBOSE`` to ``AXES_ENABLED`` configuration setting,
disabling verbose startup logging when Axes itself is disabled.
[christianbundy]
- Update documentation.
[KStenK]

5.13.0

-------------------

- Add support for resetting attempts with cache backend.
[nattyg93]

5.12.0

-------------------

- Clean up test structure and migrate tests outside
the main package for a smaller wheel distributions.
[aleksihakli]
- Move configuration to pyproject.toml for cleaner layout.
[aleksihakli]
- Clean up test settings override configuration.
[hramezani]

5.11.1

-------------------

- Fix cache entry creations for None username.
[cabarnes]

5.11.0

-------------------

- Add lockout view CORS support with ``AXES_ALLOWED_CORS_ORIGINS`` configuration flag.
[vladox]
- Add missing ``wraps`` decorator to ``axes.decorators.axes_dispatch``.
[aleksihakli]

5.10.1

-------------------

- Add ``DEFAULT_AUTO_FIELD`` to test settings.
[hramezani]
- Fix documentation language.
[danielquinn] 
- Fix Python package version specifiers and remove redundant imports.
[aleksihakli]

5.10.0

-------------------

- Deprecate stock DRF support from 5.8.0,
require users to set it up per project.
Check the documentation for more information.
[aleksihakli]

5.9.1

------------------

- Move tests to GitHub Actions
[jezdez]
- Fix running Axes code in middleware when ``AXES_ENABLED`` is ``False``.
[ashokdelphia]

5.9.0

------------------

- Add Python 3.9 support.
[hramezani]
- Prevent ``AccessAttempt`` creation with database handler when
username is not set and ``AXES_ONLY_USER_FAILURES`` setting is not set.
[hramezani]

5.8.0

------------------

- Improve Django REST Framework (DRF) integration.
[Anatoly]

5.7.1

------------------

- Adjust settings import and handling chain
for cleaner module import and invocation order.
[aleksihakli]
- Adjust the use of ``AXES_ENABLED`` flag so that
imports are always done the same way and initial log
is written regardless of the setting and it only affects
code that is decorated or wrapped with ``toggleable``.
[alekshakli]

5.7.0

------------------

- Deprecate ``AXES_LOGGER`` Axes setting and move to ``__name__``
based logging and fully qualified Python module name log identifiers.
[aleksihakli]

5.6.2

------------------

- Fix regression in ``axes_reset_user`` management command.
[aleksihakli]

5.6.1

------------------

- Improve test dependency management and upgrade black code formatter.
[smithdc1]

5.6.0

------------------

- Add proper development ``subTest`` support via ``pytest-subtests`` package.
[smithdc1]
- Deprecate ``django-appconf`` and use plain settings for Axes.
[aleksihakli]

5.5.2

------------------

- Update deprecating use of the ``request.is_ajax`` method.
[smithdc1]

5.5.1

------------------

- Update deprecated uses of Django modules and members.
[smithdc1]

5.5.0

------------------

- Add support for locking requests based on
username OR IP address with inclusive or
using the ``LOCK_OUT_BY_USER_OR_IP`` flag.
[PetrDlouhy]
- Deprecate Signal ``providing_args`` for Django 3.1 support.
[coredumperror]

5.4.3

------------------

- Add Django 3.1 support.
[hramezani]

5.4.2

------------------

- Add ABC or abstract base class implementation for handlers.
[jorlugaqui]

5.4.1

------------------

- Fix code styling for linters.
[aleksihakli]

5.4.0

------------------

- Propagate username to lockout view in URL parameters.
[PetrDlouhy]
- Update CAPTCHA examples.
[PetrDlouhy]
- Upgrade django-ipware to version 3.
[hramezani,mnislam01]

5.3.5

------------------

- Restrict ipware version for version compatibility.
[aleksihakli]

5.3.4

------------------

- Deprecate Django 1.11 LTS support.
[aleksihakli]

5.3.3

------------------

- Fix ``AXES_ONLY_ADMIN_SITE`` functionality when
no default admin site is defined in the URL configuration.
[igor-shevchenko]

5.3.2

------------------

- Fix AppConf settings prefix for Fargate.
[marksweb]

5.3.1

------------------

- Fix null byte ValueError bug in ORM.
[ddimmich]

5.3.0

------------------

- Improve Django REST Framework compatibility.
[I0x4dI]

5.2.2

------------------

- Add missing proxy implementation for
``axes.handlers.proxy.AxesProxyHandler.get_failures``.
[aleksihakli]

5.2.1

------------------

- Add django-reversion compatibility notes.
[mark-mishyn]
- Add pluggable lockout responses and the
``AXES_LOCKOUT_CALLABLE`` configuration flag.
[aleksihakli]

5.2.0

------------------

- Add a test handler.
[aidanlister]

5.1.0

------------------

- Add pluggable user account whitelisting and the
``AXES_WHITELIST_CALLABLE`` configuration flag.
[aleksihakli]

5.0.20

-------------------

- Fix django-allauth compatibility issue.
[hramezani]
- Improve tests for login attempt monitoring.
[hramezani]
- Add reverse proxy documentation.
[ckcollab]
- Update OAuth documentation examples.
[aleksihakli]

5.0.19

-------------------

- Optimize access attempt fetching in database handler.
[hramezani]
- Optimize request data fetching in proxy handler.
[hramezani]

5.0.18

-------------------

- Add ``cooloff_timedelta`` context variable to lockout responses.
[jstockwin]

5.0.17

-------------------

- Safer string formatting for user input.
[aleksihakli]

5.0.16

-------------------

- Fix string formatting bug in logging.
[zerolab]

5.0.15

-------------------

- Add ``AXES_ENABLE_ADMIN`` flag.
[flannelhead]

5.0.14

-------------------

- Docs, CI pipeline, and code formatting improvements
[aleksihakli]

5.0.13

-------------------

- Python 3.8 and PyPy support.
[aleksihakli]
- Migrate to ``setuptools_scm`` and automatic versioning.
[aleksihakli]

5.0.12

-------------------

- Support callables for ``AXES_COOLOFF_TIME`` setting.
[DariaPlotnikova]

5.0.11

-------------------

- Fix typo in rST formatting that prevented 5.0.10 release to PyPI.
[aleksihakli]

5.0.10

-------------------

- Refactor type checks for ``axes.helpers.get_client_cache_key``
for framework compatibility, fixes 471.
[aleksihakli]

5.0.9

------------------

- Add better handling for attempt and log resets by moving them
into handlers which allows customization and more configurability.
Unimplemented handlers raise ``NotImplementedError`` by default.
[aleksihakli]
- Add Python 3.8 dev version and PyPy to the Travis test matrix.
[aleksihakli]

5.0.8

------------------

- Add ``AXES_ONLY_ADMIN_SITE`` flag for only running Axes on admin site.
[hramezani]
- Add ``axes_reset_logs`` command for removing old AccessLog records.
[tlebrize]
- Allow ``AxesBackend`` subclasses to pass the ``axes.W003`` system check.
[adamchainz]

5.0.7

------------------

- Fix lockout message showing when lockout is disabled
with the ``AXES_LOCK_OUT_AT_FAILURE`` setting.
[mogzol]

- Add support for callable ``AXES_FAILURE_LIMIT`` setting.
[bbayles]

5.0.6

------------------

- Deprecate ``AXES_DISABLE_SUCCESS_ACCESS_LOG`` flag in favour of
``AXES_DISABLE_ACCESS_LOG`` which has mostly the same functionality.
Update documentation to better reflect the behaviour of the flag.
[aleksihakli]

5.0.5

------------------

- Change the lockout response calculation to request flagging
instead of exception throwing in the signal handler and middleware.
Move request attribute calculation from middleware to handler layer.
Deprecate ``axes.request.AxesHttpRequest`` object type definition.
[aleksihakli]

- Deprecate the old version 4.x ``axes.backends.AxesModelBackend`` class.
[aleksihakli]

- Improve documentation on attempt tracking, resets, Axes customization,
project and component compatibility and integrations, and other things.
[aleksihakli]

5.0.4

------------------

- Fix regression with OAuth2 authentication backends not having remote
IP addresses set and throwing an exception in cache key calculation.
[aleksihakli]

5.0.3

------------------

- Fix ``django.contrib.auth`` module ``login`` and ``logout`` functionality
so that they work with the handlers without the an ``AxesHttpRequest``
to improve cross compatibility with other Django applications.
[aleksihakli]

- Change IP address resolution to allow empty or missing addresses.
[aleksihakli]

- Add error logging for missing request attributes in the handler layer
so that users get better indicators of misconfigured applications.
[aleksihakli]

5.0.2

------------------

- Add ``AXES_ENABLED`` setting for disabling Axes with e.g. tests
that use Django test client ``login``, ``logout``, and ``force_login``
methods, which do not supply the ``request`` argument to views,
preventing Axes from functioning correctly in certain test setups.
[aleksihakli]

5.0.1

------------------

- Add changelog to documentation.
[aleksihakli]

5.0

----------------

- Deprecate Python 2.7, 3.4 and 3.5 support.
[aleksihakli]

- Remove automatic decoration and monkey-patching of Django views and forms.
Decorators are available for login function and method decoration as before.
[aleksihakli]

- Use backend, middleware, and signal handlers for tracking
login attempts and implementing user lockouts.
[aleksihakli, jorlugaqui, joshua-s]

- Add ``AxesDatabaseHandler``, ``AxesCacheHandler``, and ``AxesDummyHandler``
handler backends for processing user login and logout events and failures.
Handlers are configurable with the ``AXES_HANDLER`` setting.
[aleksihakli, jorlugaqui, joshua-s]

- Improve management commands and separate commands for resetting
all access attempts, attempts by IP, and attempts by username.
New command names are ``axes_reset``, ``axes_reset_ip`` and ``axes_reset_username``.
[aleksihakli]

- Add support for string import for ``AXES_USERNAME_CALLABLE``
that supports dotted paths in addition to the old
callable type such as a function or a class method.
[aleksihakli]

- Deprecate one argument call signature for ``AXES_USERNAME_CALLABLE``.
From now on, the callable needs to accept two arguments,
the HttpRequest and credentials that are supplied to the
Django ``authenticate`` method in authentication backends.
[aleksihakli]

- Move ``axes.attempts.is_already_locked`` function to ``axes.handlers.AxesProxyHandler.is_locked``.
Various other previously undocumented methods have been deprecated and moved inside the project.
The new documented public APIs can be considered as stable and can be safely utilized by other projects.
[aleksihakli]

- Improve documentation layouting and contents. Add public API reference section.
[aleksihakli]
Links

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant