
Use a non 200 code for failed login attempts #3058

Open
AnderssonPeter opened this issue Mar 23, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@AnderssonPeter

Is your feature request related to a problem? Please describe.

Security

Describe the solution you'd like

Hi, I'm trying to lock down my network by using a fail2ban plugin for my reverse proxy (Traefik), but for it to be able to detect incorrect sign-in attempts it would need a non-200 HTTP code.

Is there some way to configure it to return something different than 200 when the username or password is incorrect?

Describe alternatives you've considered

No response

Additional context

No response

@AnderssonPeter AnderssonPeter added the enhancement New feature or request label Mar 23, 2024
@AnderssonPeter
Author

If I read the codebase correctly it's based on Django? I found the following post providing a possible solution: https://code.djangoproject.com/ticket/24465 but I'm a bit unsure where to add it.

@smilerz
Collaborator

smilerz commented Mar 23, 2024

Unlikely to change the default Django behavior.

@AnderssonPeter
Author

@smilerz It could be hidden behind a cli or environment flag if that helps?

@vabene1111
Collaborator

Auth is provided by https://docs.allauth.org/en/latest/ in Tandoor. Feel free to take a look if they have a setting for status codes and I can implement them, although I am pretty sure that somebody had a reason to choose the status code they did, so please also evaluate what's best practice in this field.

Also, allauth already has built-in rate limiting functionality, so putting fail2ban in front of it is not really necessary.
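As an added example, not code from this thread or from the Tandoor project, the following Python reproduces the detection logic a fail2ban jail applies to Traefik access-log lines and shows the point the reporter is making: the filter keys on the response status of the login POST, so when a failed login is answered with 200 the same log stream yields no matches. The log lines are constructed for the example, the login path `/accounts/login/` and the failure statuses 401/403 are assumptions, and `maxretry`/`findtime` mirror the fail2ban settings of the same name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Traefik access-log lines (Common Log Format prefix). Three failed
# POSTs from one client inside two minutes, one successful login (302 redirect)
# from another, and a late fourth failure outside the detection window.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Mar/2024:10:00:01 +0000] "POST /accounts/login/ HTTP/1.1" 401 812 "-" "curl/8.0" 11 "tandoor@docker" "http://web:8080" 9ms
192.0.2.10 - - [23/Mar/2024:10:00:03 +0000] "POST /accounts/login/ HTTP/1.1" 401 812 "-" "curl/8.0" 12 "tandoor@docker" "http://web:8080" 8ms
192.0.2.10 - - [23/Mar/2024:10:00:05 +0000] "POST /accounts/login/ HTTP/1.1" 401 812 "-" "curl/8.0" 13 "tandoor@docker" "http://web:8080" 8ms
198.51.100.7 - - [23/Mar/2024:10:00:06 +0000] "POST /accounts/login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" 14 "tandoor@docker" "http://web:8080" 15ms
198.51.100.7 - - [23/Mar/2024:10:00:07 +0000] "GET /accounts/login/ HTTP/1.1" 200 4123 "-" "Mozilla/5.0" 15 "tandoor@docker" "http://web:8080" 3ms
192.0.2.10 - - [23/Mar/2024:10:30:00 +0000] "POST /accounts/login/ HTTP/1.1" 401 812 "-" "curl/8.0" 16 "tandoor@docker" "http://web:8080" 8ms
"""

# The same traffic as it would look today, where a failed login re-renders the
# form with HTTP 200 (constructed by rewriting the status field).
SAMPLE_LOG_200 = SAMPLE_LOG.replace('" 401 ', '" 200 ')

# Client IP, timestamp, request line and status from the CLF prefix; the
# Traefik-specific trailing fields are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def is_failed_login(rec, login_path="/accounts/login/", failure_statuses=(401, 403)):
    """The failregex equivalent: a POST to the login path answered with a failure status."""
    return (
        rec["method"] == "POST"
        and rec["path"] == login_path
        and rec["status"] in failure_statuses
    )


def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), **filter_kw):
    """Return {ip: time the ban threshold was first reached}.

    An IP is flagged once it has at least `maxretry` failures inside a sliding
    `findtime` window, the same rule fail2ban applies.
    """
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_failed_login(rec, **filter_kw):
            continue
        ip = rec["ip"]
        window = [t for t in recent[ip] if rec["ts"] - t <= findtime]
        window.append(rec["ts"])
        recent[ip] = window
        if len(window) >= maxretry and ip not in offenders:
            offenders[ip] = rec["ts"]
    return offenders


if __name__ == "__main__":
    print("with 401 on failure:", find_offenders(SAMPLE_LOG))
    print("with 200 on failure:", find_offenders(SAMPLE_LOG_200))
```

With 401 responses the filter flags `192.0.2.10` at the third failure; with the 200 behaviour the identical traffic produces an empty result, because a re-rendered form and a served page look alike to a status-based filter. A filter could instead key on "POST to the login path that did not redirect", since a successful login normally answers with a 302, but that also matches every other form-validation error and breaks as soon as the view changes, which is why the reporter is asking for a distinct status code.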
