Merge 70fa41f into 20d2f96

jazzband · Jan 2, 2015 · 019e314 · 019e314
2 parents 20d2f96 + 70fa41f
commit 019e314
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 4 deletions.
diff --git a/defender/connection.py b/defender/connection.py
@@ -1,7 +1,7 @@
 import redis
 try:
     import urlparse
-except ImportError:
+except ImportError:  # pragma: no cover
     import urllib.parse as urlparse  # pragma: no cover
 
 from . import config

diff --git a/defender/tests.py b/defender/tests.py
@@ -41,6 +41,9 @@ class AccessAttemptTest(TestCase):
     """
     VALID_USERNAME = 'valid'
     LOCKED_MESSAGE = 'Account locked: too many login attempts.'
+    PERMANENT_LOCKED_MESSAGE = (
+        LOCKED_MESSAGE + '  Contact an admin to unlock your account.'
+    )
 
     def _get_random_str(self):
         """ Returns a random str """
@@ -208,6 +211,22 @@ def test_failed_login_redirect_to_URL_local(self):
         self.assertEquals(response.status_code, 302)
         self.assertEquals(response['Location'], 'http://testserver/o/login/')
 
+    @patch('defender.config.COOLOFF_TIME', 0)
+    def test_failed_login_no_cooloff(self):
+        for i in range(0, config.FAILURE_LIMIT):
+            response = self._login()
+            # Check if we are in the same login page
+            self.assertContains(response, LOGIN_FORM_KEY)
+
+        # So, we shouldn't have gotten a lock-out yet.
+        # But we should get one now, check redirect make sure it is valid.
+        response = self._login()
+        self.assertContains(response, self.PERMANENT_LOCKED_MESSAGE)
+
+        # doing a get should also get locked out message
+        response = self.client.get(ADMIN_LOGIN_URL)
+        self.assertContains(response, self.PERMANENT_LOCKED_MESSAGE)
+
     def test_is_valid_ip(self):
         """ Test the is_valid_ip() method
         """

diff --git a/defender/utils.py b/defender/utils.py
@@ -101,7 +101,8 @@ def increment_key(key):
     """ given a key increment the value """
     # TODO make this one transaction, not two different ones.
     new_value = redis_server.incr(key, 1)
-    redis_server.expire(key, config.COOLOFF_TIME)
+    if config.COOLOFF_TIME:
+        redis_server.expire(key, config.COOLOFF_TIME)
     return new_value
 
 
@@ -129,13 +130,19 @@ def get_user_attempts(request):
 def block_ip(ip):
     """ given the ip, block it """
     key = get_ip_blocked_cache_key(ip)
-    redis_server.set(key, 'blocked', config.COOLOFF_TIME)
+    if config.COOLOFF_TIME:
+        redis_server.set(key, 'blocked', config.COOLOFF_TIME)
+    else:
+        redis_server.set(key, 'blocked')
 
 
 def block_username(username):
     """ given the username block it. """
     key = get_username_blocked_cache_key(username)
-    redis_server.set(key, 'blocked', config.COOLOFF_TIME)
+    if config.COOLOFF_TIME:
+        redis_server.set(key, 'blocked', config.COOLOFF_TIME)
+    else:
+        redis_server.set(key, 'blocked')
 
 
 def record_failed_attempt(ip, username):