From eddc473c05d4913dfcb8b7e747a94b22968f6ea3 Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Fri, 7 Apr 2023 15:00:00 +0200
Subject: Optional security for login attempt: loging, deactivate account after many failed login.

---
 example_project/settings.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'example_project')

diff --git a/example_project/settings.py b/example_project/settings.py
index 25a60fb93..a0f677755 100644
--- a/example_project/settings.py
+++ b/example_project/settings.py
@@ -133,6 +133,7 @@ MIDDLEWARE = [
 "django.contrib.auth.middleware.AuthenticationMiddleware",
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.locale.LocaleMiddleware",
+ "axes.middleware.AxesMiddleware",
 ]

 TEMPLATES = [
@@ -159,7 +160,10 @@ TEMPLATES = [

 ROOT_URLCONF = "example_project.urls"

-AUTHENTICATION_BACKENDS = ("ishtar_common.backend.ObjectPermBackend",)
+AUTHENTICATION_BACKENDS = (
+ "axes.backends.AxesBackend",
+ "ishtar_common.backend.ObjectPermBackend",
+)

 INSTALLED_APPS = [
 "registration",
@@ -170,6 +174,7 @@ INSTALLED_APPS = [
 "archaeological_warehouse",
 "archaeological_finds",
 "compressor",
+ "axes",
 "rest_framework",
 "rest_framework.authtoken",
 "django.contrib.auth",
@@ -190,6 +195,10 @@ TRANSLATION_OVERLOAD_DEBUG = False

 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 SESSION_COOKIE_AGE = 5 * 24 * 60 * 60

+AXES_ENABLED = False
+AXES_FAILURE_LIMIT = 5
+AXES_COOLOFF_TIME = 2 # hours
+AXES_RESET_ON_SUCCESS = True

 MAIN_APP = ""
@@ -402,7 +411,7 @@ if DEBUG_TOOLBAR:
 sys.path.insert(0, "..")
 global DEBUG_TOOLBAR_PANELS
 global DEBUG_TOOLBAR_CONFIG
- MIDDLEWARE += ["debug_toolbar.middleware.DebugToolbarMiddleware"]
+ MIDDLEWARE.insert(len(MIDDLEWARE) - 1, "debug_toolbar.middleware.DebugToolbarMiddleware")
 INSTALLED_APPS += ["debug_toolbar"]
 DEBUG_TOOLBAR_PANELS = (
 "debug_toolbar.panels.versions.VersionsPanel",
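Review bot: The commit message promises to block an account after repeated failures, but the four `AXES_*` settings added in the `-190,6 +195,10` hunk never choose a lockout key, and django-axes's default locks on the client IP address rather than on the username. If per-account lockout is the intent it has to be declared explicitly — `AXES_LOCKOUT_PARAMETERS = ["username"]` on django-axes 6+, or `AXES_ONLY_USER_FAILURES = True` on earlier releases (the axes version in use is not visible in this patch). If the IP default is kept instead, a deployment behind a reverse proxy needs the proxy-header configuration that lets axes see the real client address, otherwise all users share the proxy's IP and one client's failures lock out everyone. `AXES_ENABLED = False` is later flipped inside a conditional block far below; a pointer comment such as `# switched on under ISHTAR_SECURE_OPTIONS below` next to it would save the next reader the search.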
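Review bot: `MIDDLEWARE.insert(len(MIDDLEWARE) - 1, "debug_toolbar.middleware.DebugToolbarMiddleware")` in the `-402,7 +411,7` hunk encodes the assumption that the last element of MIDDLEWARE is AxesMiddleware, and the `MIDDLEWARE[:-1] + [...] + [MIDDLEWARE[-1]]` rewrite in the `-455,11 +464,12` hunk encodes the same one; nothing states or checks it, so whoever next appends an entry to the list at line 133 will silently have that entry moved around instead of Axes. Locating Axes by name removes the coupling and fails loudly if the entry disappears: `MIDDLEWARE.insert(MIDDLEWARE.index("axes.middleware.AxesMiddleware"), "debug_toolbar.middleware.DebugToolbarMiddleware")` here, and in the later hunk `_axes = MIDDLEWARE.index("axes.middleware.AxesMiddleware")` followed by `MIDDLEWARE[_axes:_axes] = [...]` with the two security middleware strings. If the positional form is kept, the invariant should at least be written down on the list itself, e.g. `# keep AxesMiddleware as the last entry; the DEBUG_TOOLBAR and ISHTAR_SECURE_OPTIONS blocks rely on it`. Both edits sit inside `if` bodies that continue outside their hunks.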
@@ -455,11 +464,12 @@ if SENTRY_ID and sentry_sdk:


 if ISHTAR_SECURE_OPTIONS:
+ AXES_ENABLED = True # log logging attempts and block account on many fails
 # verify https is ok before activating
- MIDDLEWARE += [
+ MIDDLEWARE = MIDDLEWARE[:-1] + [
 "django.middleware.security.SecurityMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
- ]
+ ] + [MIDDLEWARE[-1]]
 SECURE_HSTS_SECONDS = 31536000
 SECURE_HSTS_PRELOAD = True
 SECURE_HSTS_INCLUDE_SUBDOMAINS = True
--
cgit v1.2.3
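Review bot: After this rewrite `django.middleware.security.SecurityMiddleware` still lands at the tail of MIDDLEWARE, just ahead of Axes, whereas Django's documentation asks for it near the top so that its HTTPS redirect runs before the other middleware does any work and its security headers reach responses produced by any earlier middleware; since the ordering logic is being reworked in this hunk anyway, `MIDDLEWARE.insert(0, "django.middleware.security.SecurityMiddleware")` with only XFrameOptionsMiddleware left in the appended list would be the more defensible shape. The comment on the new `AXES_ENABLED = True` line says `# log logging attempts ...`; presumably `# log login attempts and block account on many fails` was intended, and it would also be worth saying there that the limit and cool-off are the `AXES_FAILURE_LIMIT` / `AXES_COOLOFF_TIME` values defined earlier in the file. The `if ISHTAR_SECURE_OPTIONS:` body continues past the end of the hunk.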