Comments (8)
It is already using the GenericIPAddressField:
https://github.com/django-pci/django-axes/blob/master/axes/models.py#L9
from django-axes.
Looks like it got fixed in 81bebc4 which was done after the issue was opened.
First release with that fix was 1.3.7 released in early October. So I'm pretty sure we're good here.
@mythmon Want to verify that when you get a chance?
from django-axes.
This is still broken because is_valid_ip() will fail for IPv6 since it's just using socket.inet_aton. BTW, using socket.inet_aton directly will also fail to detect bad IP addresses like "127.0".
I would suggest using the built-in Django validators (assuming they exist in the versions of Django you want to target). I have done this in my fork, so you could easily lift it from there:
aclysma@ae52351
As an aside, that commit also removes the IP sanitization. In my opinion it's much better to let people do that for themselves in middleware for reasons mentioned here: http://django-ratelimit.readthedocs.org/en/latest/security.html#security-chapter
from django-axes.
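The two failure modes described in the comment above, shown side by side as an added example (not code from django-axes or from the fork). It uses the standard-library `ipaddress` module as a stand-in for the Django validators the comment recommends; the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import socket


def lenient_is_valid_ip(value):
    """Hypothetical check in the style the comment criticises: inet_aton only."""
    try:
        socket.inet_aton(value)
        return True
    except OSError:
        # inet_aton understands IPv4 only, so every IPv6 literal lands here.
        return False


def strict_is_valid_ip(value):
    """Accept only a complete dotted-quad IPv4 or a well-formed IPv6 string."""
    if not isinstance(value, str):
        # ip_address() also accepts integers; a request header never is one.
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Constructed sample inputs, not taken from the issue.
SAMPLES = ["127.0.0.1", "127.0", "::1", "2001:db8::1", "not-an-ip"]


def compare(samples=SAMPLES):
    """Map each sample to (lenient result, strict result)."""
    return {s: (lenient_is_valid_ip(s), strict_is_valid_ip(s)) for s in samples}


if __name__ == "__main__":
    for value, (lenient, strict) in compare().items():
        print(f"{value!r:16} inet_aton={lenient!s:5} ipaddress={strict}")
```

`inet_aton` follows the historical BSD shorthand rules, which is why "127.0" is accepted (it is read as 127.0.0.0), while valid IPv6 literals are rejected outright.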
@aclysma Can you do a PR with those changes?
from django-axes.
Per your request, I sent a pull request, but it includes all my changes, several of which are very opinionated. You probably don't want to take some of them. It may be easier/safer to just lift the IP address validation code manually.
from django-axes.
FYI, the failed test test_log_data_truncated is failing because I removed storing GET/POST params (this is one of those opinionated changes that you likely don't want to take).
from django-axes.
@aclysma Looks great. Can you please send the PR only with the IP validation changes?
from django-axes.
This should be fixed by now.
from django-axes.