From c755e91eacd98616b63f5eccce00bee494cce0b1 Mon Sep 17 00:00:00 2001
From: Shen Li <dustet@gmail.com>
Date: Wed, 12 Jul 2023 19:17:03 -0400
Subject: [PATCH] Replace datetime.now with timezone.now

Use `timezone.now` instead of `datetime.now` when constructing datetime objects. `timezone.now` ensures the timezone-awareness to be consistent with `settings.USE_TZ`
---
 defender/data.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/defender/data.py b/defender/data.py
index 2bdac46..a86037e 100644
--- a/defender/data.py
+++ b/defender/data.py
@@ -1,8 +1,9 @@
-from datetime import datetime, timedelta
+from datetime import timedelta
 
 from defender import config
 from .models import AccessAttempt
 from django.db.models import Q
+from django.utils import timezone
 
 
 def store_login_attempt(
@@ -39,7 +40,7 @@ def get_approx_account_lockouts_from_login_attempts(ip_address=None, username=No
         # None we should return 0.
         return 0
 
-    q = Q(attempt_time__gte=datetime.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION))
+    q = Q(attempt_time__gte=timezone.now() - timedelta(hours=config.ACCESS_ATTEMPT_EXPIRATION))
     failure_limit = config.FAILURE_LIMIT
     if (ip_address and username and config.LOCKOUT_BY_IP_USERNAME \
         and not config.DISABLE_IP_LOCKOUT and not config.DISABLE_USERNAME_LOCKOUT
@@ -56,4 +57,4 @@ def get_approx_account_lockouts_from_login_attempts(ip_address=None, username=No
         # conditions, we're in an inappropriate context.
         raise Exception("Invalid state requested")
 
-    return AccessAttempt.objects.filter(q).count() // failure_limit
\ No newline at end of file
+    return AccessAttempt.objects.filter(q).count() // failure_limit