Opened 12 years ago
Closed 12 years ago
#19899 closed New feature (wontfix)
Add attr request in user_login_failed signal
Reported by: | anonymous | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Add attr request in user_login_failed signal.
This will allow to see the IP of the person who brute force passwords.
Change History (6)
comment:1 by , 12 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
comment:2 by , 12 years ago
How, if form is not receive request?
contrib.auth.view:
@sensitive_post_parameters()
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm,
current_app=None, extra_context=None):
"""
Displays the login form and handles the login action.
"""
redirect_to = request.REQUEST.get(redirect_field_name, )
if request.method == "POST":
form = authentication_form(data=request.POST) # THIS NEED APPEND request
if form.is_valid():
...
comment:3 by , 12 years ago
How, if form is not receive request?
contrib.auth.view:
@sensitive_post_parameters()
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm,
current_app=None, extra_context=None):
"""
Displays the login form and handles the login action.
"""
redirect_to = request.REQUEST.get(redirect_field_name, )
if request.method == "POST":
form = authentication_form(data=request.POST) # THIS NEED APPEND request
if form.is_valid():
...
comment:4 by , 12 years ago
Resolution: | wontfix |
---|---|
Status: | closed → new |
comment:5 by , 12 years ago
This doesn't solve the issue of request not being passed to the user_login_failed signal but solves request being passed to authentication_form and backs claudep argument.
comment:6 by , 12 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Yes, #15198 is the ticket to fix so as the request is available.
I can understand the use case, however it will be difficult to implement in practice, because the
authenticate
method which fires the signal doesn't have access to the request.I think that if you want to implement such mechanism, you should provide your own
AuthenticationForm
subclass (and customize theclean
method), so this is something each developper can do without modifying Django itself.