feat: pass the request to get dynamic cool off period

browniebroke · aleksihakli · commit 510c8d18f50d · 2024-10-02T20:15:31.000+03:00
diff --git a/axes/handlers/cache.py b/axes/handlers/cache.py
@@ -113,7 +113,7 @@ def user_login_failed(self, sender, credentials: dict, request=None, **kwargs):
             return
 
         cache_keys = get_client_cache_keys(request, credentials)
-        cache_timeout = get_cache_timeout(username)
+        cache_timeout = get_cache_timeout(request)
         failures = []
         for cache_key in cache_keys:
             added = self.cache.add(key=cache_key, value=1, timeout=cache_timeout)
diff --git a/axes/helpers.py b/axes/helpers.py
@@ -34,7 +34,7 @@ def get_cache() -> BaseCache:
     return caches[getattr(settings, "AXES_CACHE", "default")]
 
 
-def get_cache_timeout(username: Optional[str] = None) -> Optional[int]:
+def get_cache_timeout(request: Optional[HttpRequest] = None) -> Optional[int]:
     """
     Return the cache timeout interpreted from settings.AXES_COOLOFF_TIME.
 
@@ -45,20 +45,20 @@ def get_cache_timeout(username: Optional[str] = None) -> Optional[int]:
     for use with the Django cache backends.
     """
 
-    cool_off = get_cool_off(username)
+    cool_off = get_cool_off(request)
     if cool_off is None:
         return None
     return int(cool_off.total_seconds())
 
 
-def get_cool_off(username: Optional[str] = None) -> Optional[timedelta]:
+def get_cool_off(request: Optional[HttpRequest] = None) -> Optional[timedelta]:
     """
     Return the login cool off time interpreted from settings.AXES_COOLOFF_TIME.
 
     The return value is either None or timedelta.
 
     Notice that the settings.AXES_COOLOFF_TIME is either None, timedelta, integer/float of hours,
-    a path to a callable or a callable taking zero or 1 argument (the username). This function
+    a path to a callable or a callable taking zero or 1 argument (the request). This function
     offers a unified _timedelta or None_ representation of that configuration for use with the
     Axes internal implementations.
 
@@ -73,18 +73,18 @@ def get_cool_off(username: Optional[str] = None) -> Optional[timedelta]:
         return timedelta(minutes=cool_off * 60)
     if isinstance(cool_off, str):
         cool_off_func = import_string(cool_off)
-        return _maybe_partial(cool_off_func, username)()
+        return _maybe_partial(cool_off_func, request)()
     if callable(cool_off):
-        return _maybe_partial(cool_off, username)()  # pylint: disable=not-callable
+        return _maybe_partial(cool_off, request)()  # pylint: disable=not-callable
 
     return cool_off
 
 
-def _maybe_partial(func: Callable, username: Optional[str] = None):
-    """Bind the given username to the function if it accepts a single argument."""
+def _maybe_partial(func: Callable, request: Optional[HttpRequest] = None):
+    """Bind the given request to the function if it accepts a single argument."""
     sig = inspect.signature(func)
     if len(sig.parameters) == 1:
-        return functools.partial(func, username)
+        return functools.partial(func, request)
     return func
 
 
diff --git a/docs/4_configuration.rst b/docs/4_configuration.rst
@@ -23,7 +23,7 @@ The following ``settings.py`` options are available for customizing Axes behavio
 +------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | AXES_LOCK_OUT_AT_FAILURE                             | True                                         | After the number of allowed login attempts are exceeded, should we lock out this IP (and optional user agent)?                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 +------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| AXES_COOLOFF_TIME                                    | None                                         | If set, defines a period of inactivity after which  old failed login attempts will be cleared.  Can be set to a Python timedelta object, an integer, a float, a callable, or a string path to a callable which takes the username as argument.  If an integer or float, will be interpreted as a number of hours:  ``AXES_COOLOFF_TIME = 2`` 2 hours,   ``AXES_COOLOFF_TIME = 2.0`` 2 hours, 120 minutes,  ``AXES_COOLOFF_TIME = 1.7`` 1.7 hours, 102 minutes, 6120 seconds                                                                                                                                                                                                                                                                           |
+| AXES_COOLOFF_TIME                                    | None                                         | If set, defines a period of inactivity after which  old failed login attempts will be cleared.  Can be set to a Python timedelta object, an integer, a float, a callable, or a string path to a callable which takes the request as argument.  If an integer or float, will be interpreted as a number of hours:  ``AXES_COOLOFF_TIME = 2`` 2 hours,   ``AXES_COOLOFF_TIME = 2.0`` 2 hours, 120 minutes,  ``AXES_COOLOFF_TIME = 1.7`` 1.7 hours, 102 minutes, 6120 seconds                                                                                                                                                                                                                                                                           |
 +------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | AXES_ONLY_ADMIN_SITE                                 | False                                        | If ``True``, lock is only enabled for admin site. Admin site is determined by checking request path against the path of ``"admin:index"`` view. If admin urls are not registered in current urlconf, all requests will not be locked.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
 +------------------------------------------------------+----------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
diff --git a/tests/test_helpers.py b/tests/test_helpers.py
@@ -59,31 +59,37 @@ def test_get_cache_timeout_timedelta(self):
     def test_get_cache_timeout_none(self):
         self.assertEqual(get_cache_timeout(), None)
 
-    def test_get_increasing_cache_timeout(self):
+    def test_get_increasing_cache_timeout_by_username(self):
         user_durations = {
             "ben": timedelta(minutes=5),
             "jen": timedelta(minutes=10),
         }
 
-        def _callback(username):
+        def _callback(request):
+            username = request.POST["username"] if request else object()
             previous_duration = user_durations.get(username, timedelta())
             user_durations[username] = previous_duration + timedelta(minutes=5)
             return user_durations[username]
 
+        rf = RequestFactory()
+        ben_req = rf.post("/", data={"username": "ben"})
+        jen_req = rf.post("/", data={"username": "jen"})
+        james_req = rf.post("/", data={"username": "james"})
+
         with override_settings(AXES_COOLOFF_TIME=_callback):
             with self.subTest("no username"):
                 self.assertEqual(get_cache_timeout(), 300)
 
             with self.subTest("ben"):
-                self.assertEqual(get_cache_timeout("ben"), 600)
-                self.assertEqual(get_cache_timeout("ben"), 900)
-                self.assertEqual(get_cache_timeout("ben"), 1200)
+                self.assertEqual(get_cache_timeout(ben_req), 600)
+                self.assertEqual(get_cache_timeout(ben_req), 900)
+                self.assertEqual(get_cache_timeout(ben_req), 1200)
 
             with self.subTest("jen"):
-                self.assertEqual(get_cache_timeout("jen"), 900)
+                self.assertEqual(get_cache_timeout(jen_req), 900)
 
             with self.subTest("james"):
-                self.assertEqual(get_cache_timeout("james"), 300)
+                self.assertEqual(get_cache_timeout(james_req), 300)
 
 
 class TimestampTestCase(AxesTestCase):
