Vvg"ddlZddlmZmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZmZmZmZmZGd d eZGd d ZGd deeZdS)N)ABCabstractmethod)Optional)warn)reverse)NoReverseMatch)settings)get_failure_limit is_client_ip_address_blacklisted is_client_ip_address_whitelistedis_client_method_whitelistedis_user_attempt_whitelistedceZdZdZed defdZedZedZed de ede fdZ dS) AbstractAxesHandlerz3 Contract that all handlers need to follow N credentialsc td)zm Handles the Django ``django.contrib.auth.signals.user_login_failed`` authentication signal. z'user_login_failed should be implementedNotImplementedErrorselfsenderrrequestkwargss O/var/www/pixelcanvas.ch/venv/lib/python3.11/site-packages/axes/handlers/base.pyuser_login_failedz%AbstractAxesHandler.user_login_faileds ""KLLLc td)zj Handles the Django ``django.contrib.auth.signals.user_logged_in`` authentication signal. z$user_logged_in should be implementedrrrruserrs ruser_logged_inz"AbstractAxesHandler.user_logged_ins ""HIIIrc td)zk Handles the Django ``django.contrib.auth.signals.user_logged_out`` authentication signal. z%user_logged_out should be implementedrrs ruser_logged_outz#AbstractAxesHandler.user_logged_out&s ""IJJJrreturnc td)a Checks the number of failures associated to the given request and credentials. This is a virtual method that needs an implementation in the handler subclass if the ``settings.AXES_LOCK_OUT_AT_FAILURE`` flag is set to ``True``. z"get_failures should be implementedrrrrs r get_failuresz AbstractAxesHandler.get_failures-s""FGGGrN) __name__ __module__ __qualname____doc__rdictrr r"rintr&rrrrsMMTMMM^M JJ^J KK^K HH$H3HHH^HHHrrc ^eZdZdZddeedefdZddeedefdZddeedefdZ ddeedefdZ dee fd Z defd Z defd Zddd d dee dee dedefdZdddeedefdZdddeedefdZddde deedefdZdS)AxesBaseHandlera Handler API definition for implementations that are used by the ``AxesProxyHandler``. If you wish to specialize your own handler class, override the necessary methods and configure the class for use by setting ``settings.AXES_HANDLER = 'module.path.to.YourClass'``. Make sure that new the handler is compliant with AbstractAxesHandler and make sure it extends from this mixin. Refer to `AxesHandler` for an example. The default implementation that is actually used by Axes is ``axes.handlers.database.AxesDatabaseHandler``. .. note:: This is a virtual class and **can not be used without specialization**. Nrr#ctjr||sdS|||rdS|||rdS|||rdSdS)aF Checks if the user is allowed to access or use given functionality such as a login view or authentication. This method is abstract and other backends can specialize it as needed, but the default implementation checks if the user has attempted to authenticate into the site too many times through the Django authentication backends and returns ``False`` if user exceeds the configured Axes thresholds. This checker can implement arbitrary checks such as IP whitelisting or blacklisting, request frequency checking, failed attempt monitoring or similar functions. Please refer to the ``axes.handlers.database.AxesDatabaseHandler`` for the default implementation and inspiration on some common checks and access restrictions before writing your own implementation. TF)r AXES_ONLY_ADMIN_SITEis_admin_requestis_blacklistedis_whitelisted is_lockedr%s r is_allowedzAxesBaseHandler.is_allowedFs  ( 1F1Fw1O1O 4   w 4 4 5   w 4 4 4 >>'; / / 5trc(t|rdSdS)zY Checks if the request or given credentials are blacklisted from access. TF)r r%s rr4zAxesBaseHandler.is_blacklistedcs ,G 4 4 4urcnt||rdSt|rdSt|rdSdS)zX Checks if the request or given credentials are whitelisted for access. TF)rr r r%s rr5zAxesBaseHandler.is_whitelistedmsJ 'w < < 4 +G 4 4 4 ' 0 0 4urcntjr(|||t||kSdS)zH Checks if the request or given credentials are locked. F)r AXES_LOCK_OUT_AT_FAILUREr&r r%s rr6zAxesBaseHandler.is_locked}sE  , 9$$"7K889 9urcD tdS#t$rYdSwxYw)zE Returns admin url if exists, otherwise returns None admin:indexN)rr)rs r get_admin_urlzAxesBaseHandler.get_admin_urls7 =)) )   44 s  ct|dr7|}|duotjd||jduSdS)z> Checks that request located under admin site pathN^F)hasattrr>rematchr@rr admin_urls rr3z AxesBaseHandler.is_admin_requests] 7F # # **,,I%HH___gl;;4G  urctdttjrPt |dr@ t d}n#t $rYdSwxYwtjd||j  SdS)zq Checks if the request is NOT for admin site if `settings.AXES_ONLY_ADMIN_SITE` is True. zThis method is deprecated and will be removed in future versions. If you looking for method that checks if `request.path` located under admin site, use `is_admin_request` instead.r@r=TrAF) rDeprecationWarningr r2rBrrrCrDr@rEs r is_admin_sitezAxesBaseHandler.is_admin_sites >       ( ?WWf-E-E ? #M22 !   tt xI>>> >usA AAF) ip_addressusernameip_or_usernamerJrKrLcdS)aZ Resets access attempts that match the given IP address or username. This method makes more sense for the DB backend, but as it is used by the ProxyHandler (via inherent), it needs to be defined here, so we get compliant with all proxy methods. Please overwrite it on each specialized handler as needed. rr.)rrJrKrLs rreset_attemptszAxesBaseHandler.reset_attemptss qr)age_daysrOcdS)aS Resets access logs that are older than given number of days. This method makes more sense for the DB backend, but as it is used by the ProxyHandler (via inherent), it needs to be defined here, so we get compliant with all proxy methods. Please overwrite it on each specialized handler as needed. rr.rrOs r reset_logszAxesBaseHandler.reset_logs qrcdS)a[ Resets access failure logs that are older than given number of days. This method makes more sense for the DB backend, but as it is used by the ProxyHandler (via inherent), it needs to be defined here, so we get compliant with all proxy methods. Please overwrite it on each specialized handler as needed. rr.rQs rreset_failure_logsz"AxesBaseHandler.reset_failure_logsrSr)limitrVcdS)ayRemove access failure logs that are over AXES_ACCESS_FAILURE_LOG_PER_USER_LIMIT for user username. This method makes more sense for the DB backend, but as it is used by the ProxyHandler (via inherent), it needs to be defined here, so we get compliant with all proxy methods. Please overwrite it on each specialized handler as needed. rr.)rrKrVs r remove_out_of_limit_failure_logsz0AxesBaseHandler.remove_out_of_limit_failure_logss qrr')r(r)r*r+rr,boolr7r4r5r6strr>r3rIr-rNrRrUrXr.rrr0r08s"  x~:8D>T8D>T  htn     x} 4    2%)"&$ SM3-    "7;   hsm s    ?C   hsm s    8<    '/}        rr0cJeZdZdZd defdZdZdZd deede fdZ dS) AxesHandlerzI Signal bare handler implementation without any storage backend. Nrc dSr'r.rs rrzAxesHandler.user_login_failed rc dSr'r.rs rr zAxesHandler.user_logged_inr^rc dSr'r.rs rr"zAxesHandler.user_logged_outr^rr#cdS)Nrr.r%s rr&zAxesHandler.get_failuressqrr') r(r)r*r+r,rr r"rr-r&r.rrr\r\s  T          $3rr\)rCabcrrtypingrwarningsr django.urlsrdjango.urls.exceptionsr axes.confr axes.helpersr r r r rrr0r\r.rrrisa ########111111"H"H"H"H"H#"H"H"HJqqqqqqqqh%r