mirror of
git://git.yoctoproject.org/layerindex-web.git
synced 2025-07-19 20:59:01 +02:00
d215e2899a
We use django-axes to lock out IP addresses after a set number of attempts at logging in, and separately we use django-reversion to record change history. As part of the history tracking, the default behaviour of django-reversion is to wrap all POST requests in "with transaction.atomic()", with the result that if an exception is raised any changes get rolled back; unfortunately when authentication fails for the final time, axes updates the database and then raises PermissionDenied - with the result that the database changes are rolled back, and the user's IP is not locked out, in fact it can never be locked out. To work around this, disable the atomic mode on ReversionMiddleware using a subclass. (I don't like having to do this, but this is the quickest solution for now.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> |
||
|---|---|---|
| .. | ||
| migrations | ||
| static | ||
| templatetags | ||
| tools | ||
| __init__.py | ||
| admin.py | ||
| auth_forms.py | ||
| auth_views.py | ||
| bulkchange.py | ||
| context_processors.py | ||
| forms.py | ||
| layerconfparse.py | ||
| middleware.py | ||
| models.py | ||
| querysethelper.py | ||
| recipedesc.py | ||
| recipeparse.py | ||
| restperm.py | ||
| restviews.py | ||
| securityquestions.py | ||
| tasks.py | ||
| update_layer.py | ||
| update.py | ||
| urls_branch.py | ||
| urls.py | ||
| utils.py | ||
| views.py | ||