Django的轴没有捕捉失败的登录尝试,但撷管理失败的尝试罚款 [英] django-axes not capturing failed login attempt, but captures admin failed attempts fine

查看:202
本文介绍了Django的轴没有捕捉失败的登录尝试,但撷管理失败的尝试罚款的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用Django的轴,并使用在github自述中描述的完全相同的步骤。我能够登录并通过Django的意见注销很好,但如果去throught主站没有失败的登录尝试得到抓获。尽管如此,从失败的管理站点的登录尝试得到抓获就好了。我使用的是FailedLoginMiddleware,并没有什么具体的管理。我有双重检查所有的设置和CONFIGS,但我还是没有找到问题的根源。请帮忙。 

  MIDDLEWARE_CLASSES =(
    django.middleware.common.CommonMiddleware',
    django.contrib.sessions.middleware.SessionMiddleware',
    django.middleware.csrf.CsrfViewMiddleware',
    django.contrib.auth.middleware.AuthenticationMiddleware',
    django.contrib.messages.middleware.MessageMiddleware',
    axes.middleware.FailedLoginMiddleware',
)INSTALLED_APPS =(
    'django.contrib.auth',
    django.contrib.contenttypes',
    django.contrib.sessions',
    django.contrib.sites',
    django.contrib.messages',
    django.contrib.staticfiles',
    '轴',
    django.contrib.admin',

下面是项目的urls.py:

 从django.conf.urls.defaults进口模式,包括URL
从django.contrib.auth.views进口登录,注销,password_change从qs.forms导入ValidatingPasswordChangeForm从django.contrib中导入管理
admin.autodiscover()urlpatterns的=型态('',
    (R'^登录/ $,登录{'TEMPLATE_NAME':'auth /中的login.html'}),
    (R'^注销/ $',注销{'redirect_field_name':'/登录',
                            TEMPLATE_NAME':'auth /中logged_out.html'}),
    (R'^ passw_change / $',password_change,
                           {'post_change_redirect':'/愤怒,
                            TEMPLATE_NAME':'auth /中password_change.html',
                            password_change_form':ValidatingPasswordChangeForm})    (R'^ passw_reset / $','views.rage_password_reset'),
    (R'^ passw_reset /做/','views.rage_password_reset_done'),
    (R'?^ passw_reset /(P下; uidb36> [0-9A-ZA-Z] +) - (P下;令牌GT +)/ $','views.rage_password_reset_confirm'),
    (R'^ passw_reset /完整/ $','views.rage_password_reset_complete'),    URL(R'^ $','be.views.main.index'),
    URL(R'^管理员/',包括:(admin.site.urls))


解决方案

我想不出任何理由为什么你的配置不work-我使用Django轴和我的设置是完全相同的你和它的工作原理精细。但是,您可以强制轴通过执行以下操作登录的一切:


  1. 修改 axes.middleware.FailedLoginMiddleware axes.middleware.FailedAdminLoginMiddleware settings.py 。 ( FailedAuthLoginMiddleware 显然不是为你工作,所以不要使用它。)


  2. 修改 urls.conf 

      ...
    从django.contrib.auth.views进口登录,注销,password_change
    从axes.decorators进口watch_login
    ...
    urlpatterns的=型态('',
        (R'^登录/ $',watch_login(登录),{'TEMPLATE_NAME':'auth /中的login.html'}),
    ...


这应强制轴登录企图─而且这样做也可能会阐明什么最初的问题是一些轻。

I am using Django-axes, and using the exact same steps described in readme on github. I am able to login and logout fine through django views, but none of the failed login attempts get captured if going throught the main website. None the less, failed login attempts from admin site get captured just fine. I am using the FailedLoginMiddleware, and nothing admin specific. I have double checked all the settings and configs, but I am still failing to find the source of the problem. Please help. 

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'axes.middleware.FailedLoginMiddleware',
)

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'axes',
    'django.contrib.admin',
)

Here is the projects urls.py:

from django.conf.urls.defaults import patterns, include, url
from django.contrib.auth.views import login, logout, password_change 

from qs.forms import ValidatingPasswordChangeForm

from django.contrib import admin
admin.autodiscover()

urlpatterns = patterns('',
    (r'^login/$', login, {'template_name': 'auth/login.html'}),
    (r'^logout/$', logout, {'redirect_field_name': '/login', 
                            'template_name': 'auth/logged_out.html'}),
    (r'^passw_change/$', password_change, 
                           {'post_change_redirect': '/rage', 
                            'template_name': 'auth/password_change.html',
                            'password_change_form': ValidatingPasswordChangeForm}),

    (r'^passw_reset/$', 'views.rage_password_reset'),
    (r'^passw_reset/done/', 'views.rage_password_reset_done'),
    (r'^passw_reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'views.rage_password_reset_confirm'),
    (r'^passw_reset/complete/$', 'views.rage_password_reset_complete'),

    url(r'^$', 'be.views.main.index'),
    url(r'^admin/', include(admin.site.urls)),
)

解决方案

I can't think of any reason why your config wouldn't work- I use django-axes and my setup is the exact same as yours and it works fine. However, you can force axes to log everything by doing the following:

  1. Change axes.middleware.FailedLoginMiddleware to axes.middleware.FailedAdminLoginMiddleware in your settings.py. (FailedAuthLoginMiddleware obviously isn't working for you, so don't use it.)

  2. Edit your urls.conf:

    ...
from django.contrib.auth.views import login, logout, password_change
from axes.decorators import watch_login
...
urlpatterns = patterns('',
    (r'^login/$', watch_login(login), {'template_name': 'auth/login.html'}),
...

This should force axes to log attempts- and doing so may also shed some light on what the initial issue was.

这篇关于Django的轴没有捕捉失败的登录尝试,但撷管理失败的尝试罚款的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
ASP .NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆