muccg/django-useraudit

Failed login counter should be reset to 0 on successful login

Closed this issue · 3 comments

Currently the failed logins are added up even if the user logged in successfully between failed logins.

The counter should count only consecutive failed logins, therefore should be reset to 0 on every successful login.

This happens only when using the REST API.
Every time a REST Resource is accessed/changed with HTTP Auth (not logged in with a Django Session) only authentication happens.
The Django user_logged_in signal is sent only when login() is called. django-useraudit resets the login attempt counter on the user_logged_in signal, so if we just use the REST API the counter isn't reset.

Will have to think a bit about how to solve this one.

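```python
from django.contrib.auth.signals import user_logged_in


def login_callback(sender, user, request, **kwargs):
    # Record the login and clear the failed-attempt counter for this user
    login_logger.log_login(user.get_username(), request)
    login_attempt_logger.reset(user.get_username())

# User logged in Django signal
user_logged_in.connect(login_callback)
```

```python
import datetime


# reset() as called on login_attempt_logger above
def reset(self, username):
    defaults = {
        'count': 0,
        'timestamp': datetime.datetime.now()
    }
    LoginAttempt.objects.update_or_create(username=username, defaults=defaults)
```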

Yeah, but the Django handling is a bit inconsistent:

user_login_failed is sent when authenticate fails:

https://github.com/django/django/blob/094ea69e072779661d36e46a6caec0fea4b3ca16/django/contrib/auth/__init__.py#L85

user_logged_in, however, is sent when login() is successful:

https://github.com/django/django/blob/094ea69e072779661d36e46a6caec0fea4b3ca16/django/contrib/auth/__init__.py#L130

:-(
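The asymmetry described in this thread, as a plain-Python model added here for illustration (not code from django-useraudit or Django): the failure counter increments inside authenticate(), but is reset only inside login(), so an HTTP-Auth-only client never resets it. `AuthModel`, `replay`, `compare` and the `reset_on_authenticate` option are hypothetical names, and the account and attempt sequence are constructed sample data.

```python
# Constructed model of the signal flow in this issue; runs without Django.
class AuthModel:
    """Mimics when Django fires user_login_failed and user_logged_in."""

    def __init__(self, passwords, reset_on_authenticate=False):
        self.passwords = passwords            # username -> password (sample data)
        self.failed = {}                      # stand-in for LoginAttempt.count
        self.reset_on_authenticate = reset_on_authenticate  # hypothetical fix

    def authenticate(self, username, password):
        if username not in self.passwords or self.passwords[username] != password:
            # user_login_failed is sent here, so the counter always increments.
            self.failed[username] = self.failed.get(username, 0) + 1
            return None
        if self.reset_on_authenticate:
            self.failed[username] = 0         # reset without waiting for login()
        return username

    def login(self, user):
        # user_logged_in is sent only here; the reset is hooked to this signal.
        self.failed[user] = 0


def replay(auth, attempts, use_session):
    """Replay (username, password) attempts; call login() only for session flows."""
    for username, password in attempts:
        user = auth.authenticate(username, password)
        if user is not None and use_session:
            auth.login(user)
    return dict(auth.failed)


PASSWORDS = {"alice": "s3cret"}               # constructed sample account
ATTEMPTS = [("alice", "bad"), ("alice", "bad"),
            ("alice", "s3cret"), ("alice", "bad")]  # constructed sequence


def compare():
    """Final failure count for alice under each flow."""
    return {
        "session": replay(AuthModel(PASSWORDS), ATTEMPTS, True)["alice"],
        "rest": replay(AuthModel(PASSWORDS), ATTEMPTS, False)["alice"],
        "rest_fixed": replay(AuthModel(PASSWORDS, reset_on_authenticate=True),
                             ATTEMPTS, False)["alice"],
    }


if __name__ == "__main__":
    print(compare())
```

The session flow ends with one consecutive failure, while the authenticate-only flow reports three because the successful request in the middle never triggers a reset.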