From 27ea845bbb40196ef81c05e66d7b2f9d6e18dae2 Mon Sep 17 00:00:00 2001
From: "Christopher C. Wells"
Date: Mon, 21 Jun 2021 20:41:23 -0700
Subject: [PATCH] Add basic log in brute force protection

---
 Pipfile | 17 +++++++++--------
 babybuddy/settings/base.py | 17 +++++++++++++++++
 requirements.txt | 16 +++++++++-------
 3 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/Pipfile b/Pipfile
index 2c6844014..beb707bcf 100644
--- a/Pipfile
+++ b/Pipfile
@@ -3,23 +3,24 @@ verify_ssl = true
 url = "https://pypi.python.org/simple"
 
 [packages]
+boto3 = "*"
+dj-database-url = "*"
 django = "*"
-djangorestframework = "*"
+django-axes = "*"
 django-filter = "*"
+django-import-export = "*"
+django-storages = "*"
 django-widget-tweaks = "*"
-plotly = "*"
+djangorestframework = "*"
+easy-thumbnails = "*"
 faker = "*"
-dj-database-url = "*"
 gunicorn = "*"
-whitenoise = "*"
+plotly = "*"
 psycopg2-binary = "*"
-easy-thumbnails = "*"
 python-dotenv = "*"
-django-storages = "*"
-boto3 = "*"
-django-import-export = "*"
 pyyaml = "*"
 uritemplate = "*"
+whitenoise = "*"
 
 [dev-packages]
 coveralls = "*"
diff --git a/babybuddy/settings/base.py b/babybuddy/settings/base.py
index 9a0e7e40c..d90b3be57 100644
--- a/babybuddy/settings/base.py
+++ b/babybuddy/settings/base.py
@@ -35,6 +35,7 @@
     'dashboard',
     'reports',
 
+    'axes',
     'django_filters',
     'rest_framework',
     'rest_framework.authtoken',
@@ -67,6 +68,7 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'axes.middleware.AxesMiddleware',
 ]
 
 
@@ -127,6 +129,11 @@
 # Authentication
 # https://docs.djangoproject.com/en/3.0/topics/auth/default/
 
+AUTHENTICATION_BACKENDS = [
+    'axes.backends.AxesBackend',
+    'django.contrib.auth.backends.ModelBackend',
+]
+
 LOGIN_REDIRECT_URL = '/'
 LOGIN_URL = '/login/'
 
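Review bot: The @@ -67 and @@ -127 hunks wire in AxesMiddleware and AxesBackend, but nothing tells django-axes how to identify the client when Baby Buddy runs behind a reverse proxy, and its lockout is keyed on the client IP address by default. Behind a proxy every request carries the proxy's address, so five failures from anyone lock every user out for the cooloff period, and which address is used depends on the proxy settings (AXES_PROXY_COUNT / AXES_META_PRECEDENCE_ORDER), which the @@ -244 hunk on the next line does not set. I would add above AUTHENTICATION_BACKENDS a comment such as `# django-axes locks out by client IP; set AXES_PROXY_COUNT / AXES_META_PRECEDENCE_ORDER to match the reverse proxy in front of Baby Buddy, otherwise all clients share the proxy's address.` The `axes` app also ships database models, so this change needs a migrate on deploy, which is worth a line in the commit description. The INSTALLED_APPS and MIDDLEWARE lists both start outside their hunks.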
@@ -244,9 +251,18 @@
 # See https://django-import-export.readthedocs.io/
 
 IMPORT_EXPORT_IMPORT_PERMISSION_CODE = 'add'
+
 IMPORT_EXPORT_EXPORT_PERMISSION_CODE = 'change'
+
 IMPORT_EXPORT_USE_TRANSACTIONS = True
 
+# Axes configuration
+# See https://django-axes.readthedocs.io/en/latest/4_configuration.html
+
+AXES_COOLOFF_TIME = 1
+
+AXES_FAILURE_LIMIT = 5
+
 # Session configuration
 # Used by RollingSessionMiddleware to determine how often to reset the session.
 # See https://docs.djangoproject.com/en/3.0/topics/http/sessions/
@@ -255,6 +271,7 @@
 
 # Set default auto field for models.
 # See https://docs.djangoproject.com/en/3.2/releases/3.2/#customizing-type-of-auto-created-primary-keys
+
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 
 # Baby Buddy configuration
diff --git a/requirements.txt b/requirements.txt
index b42f1381e..a59b91afa 100644
--- a/requirements.txt
+++ b/requirements.txt
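Review bot: `AXES_COOLOFF_TIME = 1` in the @@ -244 hunk is a bare integer, which django-axes interprets as hours, yet the line reads as though it could be minutes or seconds; it deserves a comment such as `# Integer is interpreted as hours: a locked-out client may retry after 1 hour.` The same block should say what the limit counts, e.g. `# Lock out after 5 failed logins from one client address (default handler keys on IP).` Nothing in the hunk configures a lockout response or an allow-list, so a locked-out user gets the stock django-axes 403 response; that is acceptable for a first cut but worth a `# TODO` if a friendlier page is intended. The @@ -255 hunk only adds a blank line and needs nothing.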
@@ -1,36 +1,38 @@
 -i https://pypi.python.org/simple
 asgiref==3.3.4; python_version >= '3.6'
-boto3==1.17.89
-botocore==1.20.89; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
+boto3==1.17.98
+botocore==1.20.98; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
 defusedxml==0.7.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
 diff-match-patch==20200713; python_version >= '2.7'
 dj-database-url==0.5.0
+django-axes==5.19.0
 django-filter==2.4.0
 django-import-export==2.5.0
+django-ipware==3.0.2
 django-storages==1.11.1
 django-widget-tweaks==1.4.8
 django==3.2.4
 djangorestframework==3.12.4
 easy-thumbnails==2.7.1
 et-xmlfile==1.1.0; python_version >= '3.6'
-faker==8.6.0
+faker==8.8.1
 gunicorn==20.1.0
 jmespath==0.10.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
 markuppy==1.14
 odfpy==1.4.1
 openpyxl==3.0.7
 pillow==8.2.0; python_version >= '3.6'
-plotly==4.14.3
-psycopg2-binary==2.8.6
+plotly==5.0.0
+psycopg2-binary==2.9.1
 python-dateutil==2.8.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
-python-dotenv==0.17.1
+python-dotenv==0.18.0
 pytz==2021.1
 pyyaml==5.4.1
-retrying==1.3.3
 s3transfer==0.4.2
 six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
 sqlparse==0.4.1; python_version >= '3.5'
 tablib[html,ods,xls,xlsx,yaml]==3.0.0; python_version >= '3.6'
+tenacity==7.0.0
 text-unidecode==1.3
 uritemplate==3.0.1
 urllib3==1.26.5; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'