Django使用django-axis登录 [英] Django login with django-axes
问题描述
我用django创建了一个网站。用户应该能够登录。登录视图如下所示:
I created a site with django. Users should be able to login. The login-view looks like this:
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
....
if request.method == 'POST':
username = request.POST['username']#get username
password = request.POST['txtPwd']# and password
user = authenticate(username=username, password=password) #checking username and pwd
if user is not None:
if user.is_active:
login(request, user)
但是用这个解决方案处理暴力攻击。所以我环顾四周,发现这个:
限制强力登入攻击Django
But with this "solution" i can't handle an brute force attack. So I looked around and found this: Throttling brute force login attacks in Django
第一个答案是有帮助的。我选择django-axes,因为django-ratelimit只计数调用视图。
The first answer was helpful. I choosed django-axes because django-ratelimit count only the amout of calling a view.
但这是我的问题:当我尝试使用错误的密码登录时,不会计算失败。 (仅在/ admin部分)。
But here is my problem: When i try to login with wrong password it doesn't count the failure. (Only at the /admin-section).
我发现没有选择添加我的登录视图到django-axis。
I found no option to "add" my login-view to django-axes.
所以这里是我的问题:
如何配置django-axis来处理登录视图中失败的登录?
How can I configure django-axes to handle the failed logins from my login-view?
编辑:
这是我的设置文件:
Here is my settings-file:
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'axes',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'axes.middleware.FailedLoginMiddleware'
)
...
AXES_LOCK_OUT_AT_FAILURE = False
AXES_USE_USER_AGENT = True
AXES_COOLOFF_TIME = 1
AXES_LOGIN_FAILURE_LIMIT = 50
推荐答案
默认情况下,django-axis使用django的登录视图(django.contrib.auth.views.login)。在中间件中,此视图使用 watch_login 进行装饰。
By default django-axes used django's login view (django.contrib.auth.views.login). In middleware this view decorate with watch_login.
所以您可以通过两种方式解决问题:
So you can solve your issue in two ways:
- 使用标准登录视图。以这种方式,django-axis不需要额外的设置。
- 使用
watch_login装饰器来装饰您的登录视图。
- use standart login view. In this way django-axis does not require additional setup.
- decorate your's login view with
watch_logindecorator.
例如:
views.py
from axes.decorators import watch_login
...
@watch_login
def your_custom_login_view(request):
...
这篇关于Django使用django-axis登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
