Metadata-Version: 1.0
Name: django-lockout
Version: 0.1.1
Summary: cache-based Django app that locks out users after too many failed login attempts.
Home-page: https://github.com/brianjaystanley/django-lockout
Author: Brian Jay Stanley
Author-email: brian@brianjaystanley.com
License: MIT
Description: ``django-lockout`` is a cache-based Django app that locks out users after too
        many failed login attempts. Because ``django-lockout`` tracks login attempts
        in your site's cache, it is fast and lightweight. It is intended for Django
        sites where protection against brute force attacks is desired with no
        additional database overhead.
        
        ``django-lockout`` wraps ``django.contrib.auth.authenticate`` and raises
        ``lockout.LockedOut`` when too many login attempts occur. Your views are
        responsible for catching and handling ``LockedOut`` however you deem
        appropriate. ``django-lockout``'s middleware class stores the request object
        in the thread local namespace to give the wrapped ``auth.authenticate``
        function access to it.
        
        Login attempts can be tracked by IP only or by IP plus user-agent.
        
        Requirements
        ============
        ``django-lockout`` is designed for Django 1.3. It also works with Django 1.0,
        1.1, and 1.2, with the exception of the test suite (which relies on
        ``django.test.client.RequestFactory``). If you use ``django-lockout`` with a
        version of Django earlier than 1.3, you should not add ``'lockout'`` to your
        ``INSTALLED_APPS``.
        
        ``django-lockout`` requires that you have enabled a cache for your site.
        
        Installation
        ============
        You can install ``django-lockout`` with::
        
            pip install django-lockout
        
        or::
        
            easy_install django-lockout
        
        Add ``'lockout.middleware.LockoutMiddleware'`` to your ``MIDDLEWARE_CLASSES``.
        It should come before Django's ``AuthenticationMiddleware``::
        
            MIDDLEWARE_CLASSES = [
                'lockout.middleware.LockoutMiddleware',
                'django.contrib.sessions.middleware.SessionMiddleware',
                'django.contrib.auth.middleware.AuthenticationMiddleware',
                ...
            ]
        
        Adding ``'lockout'`` to your ``INSTALLED_APPS`` is only required if you want to
        run ``django-lockout``'s test suite.
        
        Usage
        =====
        Below is an example of how you might use ``django-lockout``::
        
            from django.contrib import auth, messages
            from lockout import LockedOut
            try:
                user = auth.authenticate(username=username, password=password)
            except LockedOut:
                messages.warning(request, 'Your account has been locked out because of too many failed login attempts.')
        
        If you need to clear the record of failed attempts for an IP or IP plus
        user-agent, call ``lockout.reset_attempts``, passing the ``request`` for that
        IP or IP plus user-agent::
        
            from lockout import reset_attempts
            reset_attempts(request)
        
        
        Settings
        ========
        
        LOCKOUT_MAX_ATTEMPTS
            The maximum number of login attempts before the IP or IP plus user-agent
            is locked out. Default: ``5``.
        
        LOCKOUT_TIME
            The number of seconds the IP or IP plus user-agent should be locked out.
            Default: ``600`` (10 minutes).
        
        LOCKOUT_ENFORCEMENT_WINDOW
            The number of seconds before the failed login attempts are reset and the
            IP or IP plus user-agent gets a fresh start. Default: ``300`` (5 minutes).
        
            ``LOCKOUT_ENFORCEMENT_WINDOW`` affects failed login attempts up to the max
            allowed, while ``LOCKOUT_TIME`` takes effect when the max attempts is
            reached. For example, with a ``LOCKOUT_ENFORCEMENT_WINDOW`` of 5 minutes,
            suppose a user has a failed login attempt, followed by another failed
            login attempt 3 minutes later. Both attempts will count toward the
            maximum. However, if the 5-minute mark (from the first failed attempt) is
            reached with fewer than the max allowed attempts, the failures will expire
            and the user will once again be allowed the maximum attempts. If the user
            exceeds the max within the ``LOCKOUT_ENFORCEMENT_WINDOW``, the user will
            be locked out for ``LOCKOUT_TIME`` seconds.
        
        LOCKOUT_USE_USER_AGENT
            Whether to track failed login attempts by IP plus user-agent, instead of
            by IP only. Default: ``False``.
        
        LOCKOUT_CACHE_PREFIX
            The prefix for cache keys generated by ``django-lockout``. Default: ``'lockout'``.
        
Keywords: django cache security
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Framework :: Django
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: Software Development :: Libraries :: Python Modules
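
Added example, not part of django-lockout or its README: a stand-alone model of how ``LOCKOUT_ENFORCEMENT_WINDOW`` and ``LOCKOUT_TIME`` interact, as described under Settings. The class, the cache key layout, and the sample IP and user-agent strings are assumptions made for illustration, and locking at the moment the maximum is reached is assumed from the README's wording.

```python
import hashlib


class LockoutModel:
    """In-memory model of the documented counters (not django-lockout's code)."""

    def __init__(self, max_attempts=5, lockout_time=600,
                 enforcement_window=300, use_user_agent=False):
        self.max_attempts = max_attempts
        self.lockout_time = lockout_time
        self.enforcement_window = enforcement_window
        self.use_user_agent = use_user_agent
        self._store = {}  # cache key -> (failure count, expiry time in seconds)

    def _key(self, ip, user_agent):
        # Assumed key layout; the README does not show the real cache key format.
        parts = [ip, user_agent] if self.use_user_agent else [ip]
        return "lockout:" + hashlib.sha256("|".join(parts).encode()).hexdigest()

    def _count(self, key, now):
        count, expires = self._store.get(key, (0, 0))
        return count if now < expires else 0  # an expired entry reads as zero

    def is_locked(self, ip, user_agent, now):
        return self._count(self._key(ip, user_agent), now) >= self.max_attempts

    def record_failure(self, ip, user_agent, now):
        """Count one failed login at time `now`; return True once locked out."""
        key = self._key(ip, user_agent)
        count = self._count(key, now) + 1
        if count == 1:
            expires = now + self.enforcement_window  # window starts at first failure
        else:
            expires = self._store[key][1]  # later failures keep the same deadline
        if count >= self.max_attempts:
            expires = now + self.lockout_time  # assumed: lock when the max is reached
        self._store[key] = (count, expires)
        return count >= self.max_attempts


def run_timeline(model, failure_times, ip="203.0.113.7", user_agent="ua-a"):
    """Replay failed logins at constructed second offsets; one bool per attempt."""
    return [model.record_failure(ip, user_agent, t) for t in failure_times]


if __name__ == "__main__":
    print(run_timeline(LockoutModel(), [0, 180, 310, 320, 330, 340]))  # window reset
    print(run_timeline(LockoutModel(), [0, 10, 20, 30, 40]))           # lockout
```

With ``use_user_agent=True`` the model keeps a separate counter per user-agent string for the same IP, so IP-only tracking (the default) is the stricter of the two settings.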
