Skip to content

Commit 68f853c

Browse files
deps: Update django-axes (#6671)
1 parent 2c004db commit 68f853c

4 files changed

Lines changed: 48 additions & 53 deletions

File tree

api/poetry.lock

Lines changed: 23 additions & 32 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

api/pyproject.toml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,7 @@ django-environ = "~0.4.5"
152152
influxdb-client = "~1.50.0"
153153
django-ordered-model = "~3.4.1"
154154
django-ses = "~3.5.0"
155-
django-axes = "~5.32.0"
155+
django-axes = "^8.1.0"
156156
pydantic = "^2.12.0"
157157
pyngo = "~2.4.1"
158158
flagsmith = "^3.10.0"
@@ -220,7 +220,9 @@ pre-commit = "^4.0.1"
220220
pytest-mock = "~3.10.0"
221221
pytest-lazy-fixture = "~0.6.3"
222222
moto = "~4.1.3"
223-
pytest-freezegun = "~0.4.2"
223+
# TODO: move to https://github.com/adamchainz/time-machine
224+
pytest-freezegun = "^0.4.2"
225+
setuptools = "*" # this only exists because pytest-freezegun fails without it
224226
pytest-xdist = "~3.6.1"
225227
pylint = "~2.16.2"
226228
pep8 = "~1.7.1"

api/tests/unit/environments/test_unit_environments_authentication.py

Lines changed: 0 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,6 @@
11
from unittest.mock import MagicMock
22

33
import pytest
4-
from axes.models import AccessAttempt # type: ignore[import-untyped]
5-
from django.contrib.auth import authenticate
6-
from django.http import HttpRequest
7-
from pytest_django.fixtures import SettingsWrapper
84
from rest_framework.exceptions import AuthenticationFailed
95

106
from environments.authentication import EnvironmentKeyAuthentication
@@ -64,18 +60,3 @@ def test_authenticate_raises_authentication_failed_if_organisation_set_to_stop_s
6460
# When / Then
6561
with pytest.raises(AuthenticationFailed):
6662
authenticator.authenticate(request) # type: ignore[no-untyped-call]
67-
68-
69-
# TODO: this test should not be here?
70-
def test_brute_force_access_attempts(db: None, settings: SettingsWrapper) -> None:
71-
invalid_user_name = "invalid_user@mail.com"
72-
login_attempts_to_make = settings.AXES_FAILURE_LIMIT + 1
73-
74-
assert AccessAttempt.objects.all().count() == 0
75-
76-
for _ in range(login_attempts_to_make):
77-
request = HttpRequest()
78-
request.path = "/api/v1/auth/login/"
79-
authenticate(request, username=invalid_user_name, password="invalid_password")
80-
81-
assert AccessAttempt.objects.filter(username=invalid_user_name).count() == 1
Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
from axes.models import AccessAttempt # type: ignore[import-untyped]
2+
from django.urls import reverse
3+
from pytest_django.fixtures import SettingsWrapper
4+
from rest_framework.test import APIClient
5+
6+
7+
def test_brute_force_access_attempts(
8+
db: None, settings: SettingsWrapper, api_client: APIClient
9+
) -> None:
10+
invalid_user_name = "invalid_user@mail.com"
11+
login_attempts_to_make = settings.AXES_FAILURE_LIMIT + 1
12+
13+
assert AccessAttempt.objects.all().count() == 0
14+
15+
login_url = reverse("api-v1:custom_auth:custom-mfa-authtoken-login")
16+
login_data = {"email": invalid_user_name, "password": "invalid_password"}
17+
18+
for _ in range(login_attempts_to_make):
19+
api_client.post(login_url, login_data, format="json")
20+
21+
assert AccessAttempt.objects.filter(username=invalid_user_name).count() == 1

0 commit comments

Comments
 (0)