forked from jazzband/django-axes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES.txt
371 lines (238 loc) · 8.5 KB
/
CHANGES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
Changes
=======
2.3.1 (2016-11-12)
------------------
- Added settings for disabling success accesslogs
[Minkey27]
- Fixed illegal IP address string passed to inet_pton
[samkuehn]
2.3.0 (2016-11-04)
------------------
- Fixed ``axes_reset`` management command to skip "ip" prefix to command
arguments.
[EvaMarques]
- Added ``axes_reset_user`` management command to reset lockouts and failed
login records for given users.
[vladimirnani]
- Fixed Travis-PyPI release configuration.
[jezdez]
- Make IP position argument optional.
[aredalen]
- Added possibility to disable access log
[svenhertle]
- Fix for IIS used as reverse proxy adding port number
[Dmitri-Sintsov]
- Made the signal race condition safe.
[Minkey27]
- Added AXES_ONLY_USER_FAILURES to support only looking at the user ID.
[lip77us]
2.2.0 (2016-07-20)
------------------
- Improve the logic when using a reverse proxy to avoid possible attacks.
[camilonova]
2.1.0 (2016-07-14)
------------------
- Add `default_app_config` so you can just use `axes` in `INSTALLED_APPS`
[vdboor]
2.0.0 (2016-06-24)
------------------
- Removed middleware to use app_config
[camilonova]
- Lots of cleaning
[camilonova]
- Improved test suite and versions
[camilonova]
1.7.0 (2016-06-10)
------------------
- Use render shortcut for rendering LOCKOUT_TEMPLATE
[Radosław Luter]
- Added app_label for RemovedInDjango19Warning
[yograterol]
- Add iso8601 translator.
[mullakhmetov]
- Edit json response. Context now contains ISO 8601 formatted cooloff time
[mullakhmetov]
- Add json response and iso8601 tests.
[mullakhmetov]
- Fixes issue 162: UnicodeDecodeError on pip install
[joeribekker]
- Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out.
[joeribekker]
1.6.1 (2016-05-13)
------------------
- Fixes whitelist check when BEHIND_REVERSE_PROXY
[Patrick Hagemeister]
- Made migrations py3 compatible
[mvdwaeter]
- Fixing #126, possibly breaking compatibility with Django<=1.7
[int-ua]
- Add note for upgrading users about new migration files
[kelseyq]
- Fixes #148
[camilonova]
- Decorate auth_views.login only once
[teeberg]
- Set IP public/private classifier to be compliant with RFC 1918.
[SilasX]
- Issue #155. Lockout response status code changed to 403.
[Артур Муллахметов]
- BUGFIX: Missing migration
[smeinel]
1.6.0 (2016-01-07)
------------------
- Stopped using render_to_response so that other template engines work
[tarkatronic]
- Improved performance & DoS prevention on query2str
[tarkatronic]
- Immediately return from is_already_locked if the user is not lockable
[jdunck]
- Iterate over ip addresses only once
[annp89]
- added initial migration files to support django 1.7 &up. Upgrading users should run migrate --fake-initial after update
[ibaguio]
- Add db indexes to CommonAccess model
[Schweigi]
1.5.0 (2015-09-11)
------------------
- Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True
[afioca]
1.4.0 (2015-08-09)
------------------
- Send the user_locked_out signal. Fixes #94.
[toabi]
1.3.9 (2015-02-11)
------------------
- Python 3 fix (#104)
1.3.8 (2014-10-07)
------------------
- Rename GitHub organization from django-security to django-pci to emphasize focus on providing assistance with building PCI compliant websites with Django.
[aclark4life]
1.3.7 (2014-10-05)
------------------
- Explain common issues where Axes fails silently
[cericoda]
- Allow for user-defined username field for lookup in POST data
[SteveByerly]
- Log out only if user was logged in
[zoten]
- Support for floats in cooloff time (i.e: 0.1 == 6 minutes)
[marianov]
- Limit amount of POST data logged (#73). Limiting the length of value is not enough, as there could be arbitrary number of them, or very long key names.
[peterkuma]
- Improve get_ip to try for real ip address
[7wonders]
- Change IPAddressField to GenericIPAddressField. When using a PostgreSQL database and the client does not pass an IP address you get an inet error. This is a known problem with PostgreSQL and the IPAddressField. https://code.djangoproject.com/ticket/5622. It can be fixed by using a GenericIPAddressField instead.
[polvoblanco]
- Get first X-Forwarded-For IP
[tutumcloud]
- White listing IP addresses behind reverse proxy. Allowing some IP addresses to have direct access to the app even if they are behind a reverse proxy. Those IP addresses must still be on a white list.
[ericbulloch]
- Reduce logging of reverse proxy IP lookup and use configured logger. Fixes #76. Instead of logging the notice that django.axes looks for a HTTP header set by a reverse proxy on each attempt, just log it one-time on first module import. Also use the configured logger (by default axes.watch_login) for the message to be more consistent in logging.
[eht16]
- Limit the length of the values logged into the database. Refs #73
[camilonova]
- Refactored tests to be more stable and faster
[camilonova]
- Clean client references
[camilonova]
- Fixed admin login url
[camilonova]
- Added django 1.7 for testing
[camilonova]
- Travis file cleanup
[camilonova]
- Remove hardcoded url path
[camilonova]
- Fixing tests for django 1.7
[Andrew-Crosio]
- Fix for django 1.7 exception not existing
[Andrew-Crosio]
- Removed python 2.6 from testing
[camilonova]
- Use django built-in six version
[camilonova]
- Added six as requirement
[camilonova]
- Added python 2.6 for travis testing
[camilonova]
- Replaced u string literal prefixes with six.u() calls
[amrhassan]
- Fixes object type issue, response is not an string
[camilonova]
- Python 3 compatibility fix for db_reset
[nicois]
- Added example project and helper scripts
[barseghyanartur]
- Admin command to list login attemps
[marianov]
- Replaced six imports with django.utils.six ones
[amrhassan]
- Replaced u string literal prefixes with six.u() calls to make it compatible with Python 3.2
[amrhassan]
- Replaced `assertIn`s and `assertNotIn`s with `assertContains` and `assertNotContains`
[fcurella]
- Added py3k to travis
[fcurella]
- Update test cases to be python3 compatible
[nicois]
- Python 3 compatibility fix for db_reset
[nicois]
- Removed trash from example urls
[barseghyanartur]
- Added django installer
[barseghyanartur]
- Added example project and helper scripts
[barseghyanartur]
1.3.6 (2013-11-23)
------------------
- Added AttributeError in case get_profile doesn't exist [camilonova]
- Improved axes_reset command [camilonova]
1.3.5 (2013-11-01)
------------------
- Fix an issue with __version__ loading the wrong version [graingert]
1.3.4 (2013-11-01)
------------------
- Update README.rst for PyPI [marty] [camilonova] [graingert]
- Add cooloff period [visualspace]
1.3.3 (2013-07-05)
------------------
- Added 'username' field to the Admin table [bkvirendra]
- Removed fallback logging creation since logging cames by default on django 1.4 or later, if you don't have it is because you explicitly wanted. Fixes #45 [camilonova]
1.3.2 (2013-03-28)
------------------
- Fix an issue when a user logout [camilonova]
- Match pypi version [camilonova]
- Better User model import method [camilonova]
- Use only one place to get the version number [camilonova]
- Fixed an issue when a user on django 1.4 logout [camilonova]
- Handle exception if there is not user profile model set [camilonova]
- Made some cleanup and remove a pokemon exception handling [camilonova]
- Improved tests so it really looks for the rabbit in the hole [camilonova]
- Match pypi version [camilonova]
1.3.1 (2013-03-19)
------------------
- Add support for Django 1.5 [camilonova]
1.3.0 (2013-02-27)
------------------
- Bug fix: get_version() format string [csghormley]
1.2.9 (2013-02-20)
------------------
- Add to and improve test cases [camilonova]
1.2.8 (2013-01-23)
------------------
- Increased http accept header length [jslatts]
1.2.7 (2013-01-17)
------------------
- Reverse proxy support [rmagee]
- Clean up README [martey]
1.2.6 (2012-12-04)
------------------
- Remove unused import [aclark4life]
1.2.5 (2012-11-28)
------------------
- Fix setup.py [aclark4life]
- Added ability to flag user accounts as unlockable. [kencochrane]
- Added ipaddress as a param to the user_locked_out signal. [kencochrane]
- Added a signal receiver for user_logged_out. [kencochrane]
- Added a signal for when a user gets locked out. [kencochrane]
- Added AccessLog model to log all access attempts. [kencochrane]