Opened 11 years ago

Closed 11 years ago

#19899 closed New feature (wontfix)

Add attr request in user_login_failed signal

Reported by: anonymous Owned by: nobody
Component: contrib.auth Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Add attr request in user_login_failed signal.
This will allow to see the IP of the person who brute force passwords.

Change History (6)

comment:1 by Claude Paroz, 11 years ago

Resolution: wontfix
Status: newclosed

I can understand the use case, however it will be difficult to implement in practice, because the authenticate method which fires the signal doesn't have access to the request.

I think that if you want to implement such mechanism, you should provide your own AuthenticationForm subclass (and customize the clean method), so this is something each developper can do without modifying Django itself.

comment:2 by anonymous, 11 years ago

How, if form is not receive request?

contrib.auth.view:

@sensitive_post_parameters()
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',

redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm,
current_app=None, extra_context=None):

"""
Displays the login form and handles the login action.
"""
redirect_to = request.REQUEST.get(redirect_field_name, )

if request.method == "POST":

form = authentication_form(data=request.POST) # THIS NEED APPEND request
if form.is_valid():

...

comment:3 by anonymous, 11 years ago

How, if form is not receive request?

contrib.auth.view:

@sensitive_post_parameters()
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',

redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm,
current_app=None, extra_context=None):

"""
Displays the login form and handles the login action.
"""
redirect_to = request.REQUEST.get(redirect_field_name, )

if request.method == "POST":

form = authentication_form(data=request.POST) # THIS NEED APPEND request
if form.is_valid():

...

comment:4 by anonymous, 11 years ago

Resolution: wontfix
Status: closednew

comment:5 by Alejandro Varas, 11 years ago

This doesn't solve the issue of request not being passed to the user_login_failed signal but solves request being passed to authentication_form and backs claudep argument.

https://code.djangoproject.com/ticket/15198

comment:6 by Claude Paroz, 11 years ago

Resolution: wontfix
Status: newclosed

Yes, #15198 is the ticket to fix so as the request is available.

Note: See TracTickets for help on using tickets.
Back to Top