{ "info": { "author": "Brian Jay Stanley", "author_email": "brian@brianjaystanley.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet :: WWW/HTTP :: Dynamic Content", "Topic :: Security", "Topic :: Software Development :: Libraries", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "``django-lockout`` is a cache-based Django app that locks out users after too\nmany failed login attempts. Because ``django-lockout`` tracks login attempts\nin your site's cache, it is fast and lightweight. It is intended for Django\nsites where protection against brute force attacks is desired with no\nadditional database overhead.\n\n``django-lockout`` wraps ``django.contrib.auth.authenticate`` and raises\n``lockout.LockedOut`` when too many login attempts occur. Your views are\nresponsible for catching and handling ``LockedOut`` however you deem\nappropriate. ``django-lockout``'s middleware class stores the request object\nin the thread local namespace to give the wrapped ``auth.authenticate``\nfunction access to it.\n\nLogin attempts can be tracked by IP only or by IP plus user-agent.\n\nRequirements \n============ \n``django-lockout`` is designed for Django 1.3. It also works with Django 1.0,\n1.1, and 1.2, with the exception of the test suite (which relies on\n``django.test.client.RequestFactory``). If you use ``django-lockout`` with an\nearlier version of Django than 1.3, you should not add ``'lockout'`` to your\n``INSTALLED_APPS``.\n\n``django-lockout`` requires that you have enabled a cache for your site.\n\nInstallation\n============\nYou can install ``django-lockout`` with::\n\n pip install django-lockout\n\nor::\n\n easy_install django-lockout\n \nAdd ``'lockout.middleware.LockoutMiddleware'`` to your ``MIDDLEWARE_CLASSES``.\nIt should come before Django's ``AuthenticationMiddleware``::\n\n MIDDLEWARE_CLASSES = [\n 'lockout.middleware.LockoutMiddleware',\n 'django.contrib.sessions.middleware.SessionMiddleware',\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n ...\n ]\n\nAdding ``'lockout'`` to your ``INSTALLED_APPS`` is only required if you want to\nrun ``django-lockout``'s test suite.\n \nUsage\n============ \nBelow is an example of how you might use ``django-lockout``::\n\n try:\n user = auth.authenticate(username=username, password=password)\n except LockedOut:\n messages.warning(request, 'Your account has been locked out because of too many failed login attempts.')\n\nIf you need to clear the record of failed attempts for an IP or IP plus\nuser-agent, call ``lockout.reset_attempts``, passing the ``request`` for that\nIP or IP plus user-agent::\n\n reset_attempts(request)\n \n \nSettings\n========\n\nLOCKOUT_MAX_ATTEMPTS\n The maximum number of login attempts before the IP or IP plus user-agent\n is locked out. Default: ``5``.\n\nLOCKOUT_TIME\n The number of seconds the IP or IP plus user-agent should be locked out.\n Default: ``600`` (10 minutes).\n\nLOCKOUT_ENFORCEMENT_WINDOW\n The number of seconds before the failed login attempts are reset and the\n IP or IP plus user-agent gets a fresh start. Default: ``300`` (5 minutes).\n \n ``LOCKOUT_ENFORCEMENT_WINDOW`` affects failed login attempts up to the max\n allowed, while ``LOCKOUT_TIME`` takes effect when the max attempts is\n reached. For example, with a ``LOCKOUT_ENFORCEMENT_WINDOW`` of 5 minutes,\n suppose a user has a failed login attempt, followed by another failed\n login attempt 3 minutes later. Both attempts will count toward the\n maximum. However, if the 5-minute mark (from the first failed attempt) is\n reached with fewer than the max allowed attempts, the failures will expire\n and the user will once again be allowed the maximum attempts. If the user\n exceeds the max within the ``LOCKOUT_ENFORCEMENT_WINDOW``, the user will\n be locked out for ``LOCKOUT_TIME`` seconds.\n\nLOCKOUT_USE_USER_AGENT\n Whether to track failed login attempts by IP plus user-agent, instead of\n by IP only. Default: ``False``.\n\nLOCKOUT_CACHE_PREFIX\n The prefix for cache keys generated by ``django-lockout``. Default: ``'lockout'``.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/brianjaystanley/django-lockout", "keywords": "django cache security", "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "django-lockout", "package_url": "https://pypi.org/project/django-lockout/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/django-lockout/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/brianjaystanley/django-lockout" }, "release_url": "https://pypi.org/project/django-lockout/0.1.1/", "requires_dist": null, "requires_python": null, "summary": "cache-based Django app that locks out users after too many failed login attempts.", "version": "0.1.1" }, "last_serial": 743189, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "09e25bd78d6627f72e89e9a218345e9d", "sha256": "59b586b412fa96f91cde7e2b0ffde183f7894513cdecf00bcac5891bc6746222" }, "downloads": -1, "filename": "django-lockout-0.1.0.tar.gz", "has_sig": false, "md5_digest": "09e25bd78d6627f72e89e9a218345e9d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6754, "upload_time": "2011-07-18T22:50:27", "url": "https://files.pythonhosted.org/packages/a9/59/a9ce3f52e77f13ca119f1b12018dc2e17b7ffa4165cc67cb0b14b19673e3/django-lockout-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "6e12ca4e86e6117d95cf10ba5b25a3a3", "sha256": "b96292167f84448f1b9d19f6d0f1f267ffb43f01d98b8b6745eb534d9ae01081" }, "downloads": -1, "filename": "django-lockout-0.1.1.zip", "has_sig": false, "md5_digest": "6e12ca4e86e6117d95cf10ba5b25a3a3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13676, "upload_time": "2011-08-30T17:58:01", "url": "https://files.pythonhosted.org/packages/7f/eb/853cfa901b6296f9438fe8d9d93663bcab892ca5d0931704829435c3e5c9/django-lockout-0.1.1.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "6e12ca4e86e6117d95cf10ba5b25a3a3", "sha256": "b96292167f84448f1b9d19f6d0f1f267ffb43f01d98b8b6745eb534d9ae01081" }, "downloads": -1, "filename": "django-lockout-0.1.1.zip", "has_sig": false, "md5_digest": "6e12ca4e86e6117d95cf10ba5b25a3a3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13676, "upload_time": "2011-08-30T17:58:01", "url": "https://files.pythonhosted.org/packages/7f/eb/853cfa901b6296f9438fe8d9d93663bcab892ca5d0931704829435c3e5c9/django-lockout-0.1.1.zip" } ] }