#1093: "AXES_SENSITIVE_PARAMETERS" now have sensible defaults to foll…
…ow "privacy-by-design"
Ronny Vedrilla authored and aleksihakli committed Jul 30, 2023
1 parent ab78724 commit e9db2d9
Showing 3 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion axes/conf.py
Expand Up @@ -124,7 +124,7 @@
settings.AXES_SENSITIVE_PARAMETERS = getattr(
settings,
"AXES_SENSITIVE_PARAMETERS",
[],
["username", "ip_address"],
)

# set the callable for the readable string that can be used in
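Review bot: The new default in the `getattr` call hard-codes the literal key `"username"`, so request parameters are masked only when the login field really has that name. django-axes also exposes `AXES_USERNAME_FORM_FIELD`; if a project sets it to something like `email`, the identifier would presumably still reach the logged GET/POST data in clear text, which undercuts the privacy-by-design intent. If that setting is already resolved above this point in `axes/conf.py` (not visible in this hunk), consider including it in the default, e.g. `["username", "ip_address", settings.AXES_USERNAME_FORM_FIELD],`. A comment above the call such as `# masked by default; set AXES_SENSITIVE_PARAMETERS = [] to keep usernames and IPs in logs for incident triage` would also tell operators that log content changes on upgrade and how to restore it.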
2 changes: 1 addition & 1 deletion docs/4_configuration.rst
Expand Up @@ -59,7 +59,7 @@ The following ``settings.py`` options are available for customizing Axes behavio
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| AXES_PASSWORD_FORM_FIELD | 'password' | The name of the form or credentials field that contains your users password. |
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| AXES_SENSITIVE_PARAMETERS | [] | Configures POST and GET parameter values (in addition to the value of ``AXES_PASSWORD_FORM_FIELD``) to mask in login attempt logging. |
| AXES_SENSITIVE_PARAMETERS | ["username", "ip_address"] | Configures POST and GET parameter values (in addition to the value of ``AXES_PASSWORD_FORM_FIELD``) to mask in login attempt logging. Defaults enable privacy-by-design. |
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| AXES_NEVER_LOCKOUT_GET | False | If ``True``, Axes will never lock out HTTP GET requests. |
+------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 changes: 3 additions & 0 deletions tests/test_helpers.py
Expand Up @@ -82,6 +82,7 @@ def test_iso8601(self):
self.assertEqual(get_cool_off_iso8601(delta), iso_duration)


@override_settings(AXES_SENSITIVE_PARAMETERS=[])
class ClientStringTestCase(AxesTestCase):
@staticmethod
def get_expected_client_str(*args, **kwargs):
Expand Down Expand Up @@ -1020,6 +1021,7 @@ def setUp(self):
"other_sensitive_data": "sensitive",
}

@override_settings(AXES_SENSITIVE_PARAMETERS=[])
def test_cleanse_parameters(self):
cleansed = cleanse_parameters(self.parameters)
self.assertEqual("test_user", cleansed["username"])
Expand All @@ -1041,6 +1043,7 @@ def test_cleanse_parameters_override_both(self):
self.assertEqual("********************", cleansed["password"])
self.assertEqual("********************", cleansed["other_sensitive_data"])

@override_settings(AXES_SENSITIVE_PARAMETERS=[])
@override_settings(AXES_PASSWORD_FORM_FIELD=None)
def test_cleanse_parameters_override_empty(self):
cleansed = cleanse_parameters(self.parameters)
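Review bot: All three added `@override_settings(AXES_SENSITIVE_PARAMETERS=[])` decorators pin the pre-change behaviour, and none of the visible hunks asserts what the new default actually masks. A regression that drops `username` or `ip_address` from the default would pass every line shown here. Consider one test that runs without the override and checks the masked value, e.g. `self.assertEqual("********************", cleansed["username"])`, plus an equivalent assertion for the client string in `ClientStringTestCase`. Both test classes continue outside these hunks, so such coverage may already exist in the collapsed parts.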
