From dff454815f47de800930981de93a9cc659c037ca Mon Sep 17 00:00:00 2001
From: Paul Eggleton
Date: Fri, 19 Oct 2018 08:55:36 +1300
Subject: [PATCH] Use django-axes to lockout after multiple failed logins

Repeated failed login attempts should trigger lockout to prevent brute-forcing and user enumeration - django-axes does this using account and IP-based lockout.

Signed-off-by: Paul Eggleton
---
 docker/settings.py | 16 ++++++++++++++++
 requirements.txt | 3 +++
 settings.py | 16 ++++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/docker/settings.py b/docker/settings.py
index b5fefa5..462f432 100644
--- a/docker/settings.py
+++ b/docker/settings.py
@@ -152,10 +152,16 @@ INSTALLED_APPS = (
 'reversion',
 'reversion_compare',
 'captcha',
+ 'axes',
 'rest_framework',
 'corsheaders',
 )
 
+AUTHENTICATION_BACKENDS = [
+ 'axes.backends.AxesModelBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+]
+
 REST_FRAMEWORK = {
 'DEFAULT_PERMISSION_CLASSES': (
 'layerindex.restperm.ReadOnlyPermission',
@@ -242,6 +248,16 @@ PARALLEL_JOBS = "4"
 #CAPTCHA_FLITE_PATH = "/usr/bin/flite"
 #CAPTCHA_SOX_PATH = "/usr/bin/sox"
 
+CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+ },
+ 'axes_cache': {
+ 'BACKEND': 'django.core.cache.backends.dummy.DummyCache',
+ }
+}
+AXES_CACHE = "axes_cache"
+
 # Full path to directory to store logs for dynamically executed tasks
 TASK_LOG_DIR = "/tmp/layerindex-task-logs"
 
diff --git a/requirements.txt b/requirements.txt
index c040e56..62eda90 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,10 @@ billiard==3.5.0.3
 celery==4.1.0
 confusable-homoglyphs==3.0.0
 Django>1.11.0,<1.12
+django-appconf==1.0.2
+django-axes==4.4.0
 django-cors-headers==1.1.0
+django-ipware==2.1.0
 django-ranged-response==0.2.0
 django-registration==2.4.1
 django-reversion==2.0.13
diff --git a/settings.py b/settings.py
index e899c0d..9a12a7b 100644
--- a/settings.py
+++ b/settings.py
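Review bot: The lockout policy is left entirely to the django-axes defaults: no `AXES_FAILURE_LIMIT`, `AXES_COOLOFF_TIME` or `AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP` accompanies the new `AUTHENTICATION_BACKENDS` entry in docker/settings.py, and as far as I recall the 4.x default is a small failure limit with no cool-off, so a locked account or address stays locked until an admin resets it. With username-based locking and no expiry, the brute-force protection also becomes a way for legitimate users to be locked out of their own accounts by someone else's failed attempts, which is the usual reason to bound the policy explicitly, for example `AXES_FAILURE_LIMIT = 5`, `AXES_COOLOFF_TIME = 1` (hours) and `AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP = True` (values illustrative), with a short comment above the backend list recording the chosen policy. The same hunk is repeated in settings.py and needs the same treatment.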
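Review bot: `'axes_cache'` is bound to `DummyCache` in the new `CACHES` block of docker/settings.py with no explanation, and a reader is likely to read that as the attempt counter being disabled. If the intent is that axes should not rely on a cache at all and instead count attempts in its database table, because the `LocMemCache` given to `'default'` is per-process and several workers would otherwise each keep their own tally, that deserves to be said in place, e.g. `# axes keeps its attempt counts in its own DB table; a per-process LocMemCache would give each worker a separate tally, so hand it a no-op cache` above `CACHES`. If the intent is something else, the block still needs a comment, since the new per-process `'default'` cache affects every other cache consumer in the deployment as well. settings.py adds the identical block in the next file.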
@@ -152,10 +152,16 @@ INSTALLED_APPS = (
 'reversion',
 'reversion_compare',
 'captcha',
+ 'axes',
 'rest_framework',
 'corsheaders',
 )
 
+AUTHENTICATION_BACKENDS = [
+ 'axes.backends.AxesModelBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+]
+
 REST_FRAMEWORK = {
 'DEFAULT_PERMISSION_CLASSES': (
 'layerindex.restperm.ReadOnlyPermission',
@@ -241,6 +247,16 @@ PARALLEL_JOBS = "4"
 #CAPTCHA_FLITE_PATH = "/usr/bin/flite"
 #CAPTCHA_SOX_PATH = "/usr/bin/sox"
 
+CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+ },
+ 'axes_cache': {
+ 'BACKEND': 'django.core.cache.backends.dummy.DummyCache',
+ }
+}
+AXES_CACHE = "axes_cache"
+
 # Full path to directory to store logs for dynamically executed tasks
 TASK_LOG_DIR = "/tmp/layerindex-task-logs"
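Review bot: The IP half of the lockout keys on whatever client address django-ipware (newly pinned in requirements.txt) extracts from the request, and nothing in this `AUTHENTICATION_BACKENDS` hunk, nor in the matching one in docker/settings.py, records which deployment topology that assumes. Behind a reverse proxy the address must come from the forwarded header the proxy sets, otherwise every client shares the proxy's address and a single lockout applies to all of them; when no proxy is in front, the address should be the socket peer rather than any client-supplied header, or the per-IP counter is not tied to the actual source. It is worth checking the header precedence that django-axes 4.4.0 and django-ipware 2.1.0 use by default, pinning it with the corresponding axes/ipware setting for each of the two settings files, and adding a comment next to `AUTHENTICATION_BACKENDS` such as `# axes IP lockout assumes <proxy-or-direct> — client address is taken from <header-or-socket>` with the placeholders filled in for that deployment.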