django-restit 4.2.175__py3-none-any.whl → 4.2.176__py3-none-any.whl

account/models/member.py

@@ -149,7 +149,7 @@ class Member(User, RestModel, MetaDataModel):
     display_name = models.CharField(max_length=64, blank=True, null=True, default=None)
     picture = models.ForeignKey("medialib.MediaItem", blank=True, null=True, help_text="Profile picture", related_name='+', on_delete=models.CASCADE)
 
-    # we use this token to allow us to invalidate JWT tokens 
+    # we use this token to allow us to invalidate JWT tokens
     security_token = models.CharField(max_length=64, blank=True, null=True, default=None, db_index=True)
     auth_code = models.CharField(max_length=64, blank=True, null=True, default=None, db_index=True)
     auth_code_expires = models.DateTimeField(blank=True, null=True, default=None)
@@ -263,6 +263,24 @@ class Member(User, RestModel, MetaDataModel):
             return self.has_usable_password()
         return False
 
+    def getFailedLoginCount(self):
+        c = RemoteEvents.hget("users:failed:username", self.username)
+        if c is not None:
+            return int(c)
+        return c
+
+    @classmethod
+    def GetFailedLoginsForIP(cls, ip):
+        c = RemoteEvents.hget("users:failed:ip", ip)
+        if c is not None:
+            return int(c)
+        return c
+
+    @classmethod
+    def GetIPsWithFailedLoginAttempts(cls, threshold):
+        failed_ips = RemoteEvents.hgetall("users:failed:ip")
+        return {ip: int(count) for ip, count in failed_ips.items() if int(count) > threshold}
+
     def recordFailedLogin(self, request):
         c = RemoteEvents.hincrby("users:failed:username", self.username, 1)
         if c >= settings.LOCK_PASSWORD_ATTEMPTS:
@@ -273,13 +291,15 @@ class Member(User, RestModel, MetaDataModel):
                 "account", f"incorrect password for {self.username}", level=8,
                 error_code=498,
                 request=request)
-        c = RemoteEvents.hincrby("users:failed:ip", request.ip, 1)
+        ic = RemoteEvents.hincrby("users:failed:ip", request.ip, 1)
+        return c
 
     def recordSuccessLogin(self, request):
         self.last_login = datetime.now()
         self.save()
         RemoteEvents.hdel("users:failed:username", self.username)
-        RemoteEvents.hdel("users:failed:ip", request.ip)
+        if request:
+            RemoteEvents.hdel("users:failed:ip", request.ip)
 
     def hasPasswordExpired(self):
         now = datetime.now()
@@ -288,38 +308,33 @@ class Member(User, RestModel, MetaDataModel):
             self.save()
         return now - self.password_changed > timedelta(days=settings.PASSWORD_EXPIRES_DAYS)
 
-    def login(self, password=None, request=None, use_jwt=False):
-        if not self.is_active or self.is_blocked:
-            return False
-        # can force login
+    def login(self, password=None, request=None):
         if not request:
             request = rh.getActiveRequest()
+        if not self.is_active or self.is_blocked:
+            return False
         if not self.checkPassword(password):
-            # invalid password
             self.recordFailedLogin(request)
             return False
-        else:
-            self.recordSuccessLogin(request)
-        if use_jwt:
-            self.recordSuccessLogin(request)
-            self.locateByIP(request.ip)
-            return True
-        self.user_ptr.backend = 'django.contrib.auth.backends.ModelBackend'
-        auth_login(request, self.user_ptr)
-        self.locateByIP(request.ip)
+        self.authLogin(request)
         return True
 
     def loginNoPassword(self, request=None):
         if not self.is_active or self.is_blocked:
             return False
-        # can force login
         if not request:
             request = rh.getActiveRequest()
-        self.user_ptr.backend = 'django.contrib.auth.backends.ModelBackend'
-        auth_login(request, self.user_ptr)
-        self.locateByIP(request.ip)
+        self.authLogin(request)
         return True
 
+    def authLogin(self, request, use_session=True):
+        if use_session:
+            self.user_ptr.backend = 'django.contrib.auth.backends.ModelBackend'
+            auth_login(request, self.user_ptr)
+        if request:
+            self.locateByIP(request.ip)
+        self.recordSuccessLogin(request)
+
     def canLogin(self, request=None, throw_exception=True, using_password=True):
         if not self.is_active:
             self.log("login_blocked", F"account is not active {self.username}", request, method="login", level=31)
@@ -577,7 +592,7 @@ class Member(User, RestModel, MetaDataModel):
         SMS.send(phone, msg)
         return True
 
-    def sendEmail(self, subject, body, attachments=[], do_async=True, template=None, 
+    def sendEmail(self, subject, body, attachments=[], do_async=True, template=None,
                   context=None):
         default_domain = self.getProperty("default_domain", settings.EMAIL_DEFAULT_DOMAIN)
         from_email = rh.getFromEmailForHost(default_domain)
@@ -675,7 +690,7 @@ class Member(User, RestModel, MetaDataModel):
             allow_email = not self.email_disabled and valid_email and (force or via in ["all", "email"])
         else:
             allow_email = valid_email
-        
+
         if not allow_email and not allow_sms:
             return False
 
@@ -796,7 +811,7 @@ class Member(User, RestModel, MetaDataModel):
     def block(self, reason, request=None):
         if not request:
             request = self.getActiveRequest()
-        PersistentLog.log("account blocked, {}".format(reason), 5, request, "account.Member", self.pk, "blocked")
+        self.auditLog(f"account blocked, {reason}", "blocked", level=5)
         RemoteEvents.hset("users:blocked:username", self.username, time.time())
         self.reportIncident(
             "account", f"account '{self.username}' blocked: {reason}", level=2,
@@ -832,7 +847,7 @@ class Member(User, RestModel, MetaDataModel):
 
     # BEGIN REST CALLBACKS
     def on_permission_change(self, key, value, old_value, category):
-        # called when a metadata.permissions field changes.. see django settings USER_METADATA_PROPERTIES 
+        # called when a metadata.permissions field changes.. see django settings USER_METADATA_PROPERTIES
         # we want to log both the person changing permissions
         # and those being changed
         request = RestModel.getActiveRequest()
@@ -865,7 +880,7 @@ class Member(User, RestModel, MetaDataModel):
         request = self.getActiveRequest()
         if not request.member.is_superuser:
             raise PermissionDeniedException("Permission Denied: attempting to super user")
-        self.is_superuser = int(value)     
+        self.is_superuser = int(value)
 
     def set_disable(self, value):
         if value is not None and value in [1, '1', True, 'true']:
@@ -1219,7 +1234,7 @@ class Member(User, RestModel, MetaDataModel):
     def authWS4RedisConnection(cls, auth_data):
         """
         This method is used by the async/websocket service to authenticate.
-        If the model can authenticate the connection it should return dict 
+        If the model can authenticate the connection it should return dict
         with kind and pk of the model that is authenticaed
         """
         from rest import UberDict
@@ -1338,5 +1353,3 @@ class AuthToken(models.Model, RestModel):
 
     def __str__(self):
         return "{o.member}: {o.secure_token}".format(o=self)
-
-

account/rpc/auth.py

@@ -55,7 +55,7 @@ def jwt_login(request):
         resp = checkForTOTP(request, member)
         if resp is not None:
             return resp
-    if not member.login(request=request, password=password, use_jwt=True):
+    if not member.login(request=request, password=password):
         # we do not want permission denied catcher invoked as it is already handled in login method
         return rv.restStatus(request, False, error=f"Invalid Credentials {username}", error_code=401)
     return on_complete_jwt(request, member, auth_method)
@@ -221,7 +221,8 @@ def member_login_uname_code(request, username, auth_code):
         member.setPassword(password)
     member.auth_code = None
     member.auth_code_expires = None
-    member.login(request=request)
+    member.canLogin(request, using_password=False)  # throws exception if cannot login
+    member.loginNoPassword(request)
     member.save()
     member.log("code_login", "code login", request, method="login", level=8)
     if request.DATA.get("auth_method") == "basic" and ALLOW_BASIC_LOGIN:
@@ -411,3 +412,12 @@ def totp_verify(request):
         return rv.restPermissionDenied(request, "invalid code")
     request.member.setProperty("totp_verified", 1)
     return rv.restStatus(request, True)
+
+
+# time based one time passwords
+@rd.urlPOST('security/ip/failed_logins')
+@rd.login_required
+def failed_logins_by_ip(request):
+    ips = am.Member.GetIPsWithFailedLoginAttempts(request.DATA.get("threshold", 10))
+    lst = [dict(ip=k, count=v) for k, v in ips.items()]
+    return rv.restList(request, lst)

{django_restit-4.2.175.dist-info → django_restit-4.2.176.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: django-restit
-Version: 4.2.175
+Version: 4.2.176
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.175.dist-info → django_restit-4.2.176.dist-info}/RECORD

@@ -31,7 +31,7 @@ account/models/device.py,sha256=8D-Sbv9PZWAnX6UVpp1lNJ03P24fknNnN1VOhqY7RVg,6306
 account/models/feeds.py,sha256=vI7fG4ASY1M0Zjke24RdnfDcuWeATl_yR_25jPmT64g,2011
 account/models/group.py,sha256=JVyMIakLskUuGXBJFyessw4LlD9Fl6AsHtpo1yZEYjk,22884
 account/models/legacy.py,sha256=zYdtv4LC0ooxPVqWM-uToPwV-lYWQLorSE6p6yn1xDw,2720
-account/models/member.py,sha256=qmLCOVbNTRr4L-E7BbOMtv4V64QN7K-0pXDgnuB-AbY,54722
+account/models/member.py,sha256=6-KbOYFyvloyiITgz5gKMyORmPtDESdzbBbMrjmz4Rs,55058
 account/models/membership.py,sha256=90EpAhOsGaqphDAkONP6j_qQ0OWSRaQsI8H7E7fgMkE,9249
 account/models/notify.py,sha256=YKYEXT56i98b7-ydLt5UuEVOqW7lipQMi-KuiPhcSwY,15627
 account/models/passkeys.py,sha256=lObapudvL--ABSTZTIELmYvHE3dPF0tO_KmuYk0ZJXc,1699
@@ -43,7 +43,7 @@ account/passkeys/__init__.py,sha256=FwXYJXwSJXfkLojGBcVpF1dFpgFhzDdd9N_3naYQ0cc,
 account/passkeys/core.py,sha256=4aUBNCuF_kjOvE1zFapK1Pj28ap5slO71dRyfnWi0YU,4148
 account/periodic.py,sha256=-u0n-7QTJgDOkasGhBAPwHAwjpqWGA-MZLEFkVTqCGU,874
 account/rpc/__init__.py,sha256=SGF0M_-H0dKh3b1apSX29BotNWAvITYccGQVC0MIjL8,336
-account/rpc/auth.py,sha256=0LUTb-dO6wk6rWitPVAXeR0IqpbX5Yw8tHM5U9QJibA,17234
+account/rpc/auth.py,sha256=MDXXhTlzTRcKB8TQ0OPawvsb0P4EeH_J3ukeSljgytk,17615
 account/rpc/device.py,sha256=lU2BHNPreHV0dDTjAPc7Sc-5m2JP8SiWVqiKuBfV7Fo,2281
 account/rpc/group.py,sha256=hw7iczZ6W_IrRbx5ZDw6cZ5I_ztqxhtUFJD9WR91_4s,4948
 account/rpc/member.py,sha256=8XnJX-iri0Om4nc-V2_tDJzfCSzziKLw6dUx9egtEZE,2236
@@ -380,7 +380,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
 rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
 rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
 rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
-rest/__init__.py,sha256=5nuojPskvcFtHA31BnuuT6Z7MtZov2YpOn2IHnzm9cw,122
+rest/__init__.py,sha256=57yJpEKX4zpzd53NtME1OKpJzJqzJxz38KVjs86WJ0g,122
 rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
 rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
 rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
@@ -400,7 +400,7 @@ rest/helpers.py,sha256=t7smlOUzchVno-zeq7xMJIwogAR2DeSrffWxgysOHX8,29531
 rest/joke.py,sha256=0PpKaX2iN7jlS62kgjfmmqkFBYLPURz15aQ8R7OJkJ8,260
 rest/jwtoken.py,sha256=F7Vvpm31rAplTXr8XFP-Lb4BnDB3j1B2nQq0P1iTCLQ,2576
 rest/log.py,sha256=hd1_4HBOS395sfXJIL6BTw9yekm1SLgBwYx_PdfIhKA,20930
-rest/mail.py,sha256=Rm40hWDYop0tMqxdN-J2NT-dCnP-f4SfCZxSO02ajzs,7965
+rest/mail.py,sha256=FFvHgNcq84sJP5DyaJQKbuoao5NAsS6r-PT4MRfjWFU,8139
 rest/mailman.py,sha256=v5O1G5s3HiAKmz-J1z0uT6_q3xsONPpxVl9saEyQQ2I,9174
 rest/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 rest/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -517,7 +517,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=KKq00EwoGnz1yLwCZr5Dfoq2izivmAdsNEEM4EhZwN4,1610
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.175.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.175.dist-info/METADATA,sha256=DuVZg0LP0bkuNNdfm9IlJXwcpPE-O4-V6qSZYRHICTk,7714
-django_restit-4.2.175.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-django_restit-4.2.175.dist-info/RECORD,,
+django_restit-4.2.176.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.176.dist-info/METADATA,sha256=WVtqfF02L5jyZtQQoObLI57ZpcubGld7ZDyqc1vSXlg,7714
+django_restit-4.2.176.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+django_restit-4.2.176.dist-info/RECORD,,

rest/__init__.py

@@ -1,4 +1,4 @@
 from .uberdict import UberDict  # noqa: F401
 from .settings_helper import settings  # noqa: F401
 
-__version__ = "4.2.175"
+__version__ = "4.2.176"

rest/mail.py

@@ -37,11 +37,16 @@ SES_REGION = settings.SES_REGION
 EMAIL_METRICS = settings.get("EMAIL_METRICS", False)
 
 
-def send(to, subject, body=None, attachments=[], 
+def send(to, subject, body=None, attachments=[],
          from_email=settings.DEFAULT_FROM_EMAIL,
-         fail_silently=True, template=None, 
+         fail_silently=True, template=None,
          context=None, do_async=False, replyto=None):
     # make sure to is list
+    if isinstance(to, str):
+        if "," in to:
+            to = [t.strip() for t in to.split(',')]
+        elif ";" in to:
+            to = [t.strip() for t in to.split(';')]
     if not isinstance(to, (tuple, list)):
         to = [to]
     # if template lets render
@@ -254,5 +259,3 @@ def render_to_mail(name, context):
         body = html_content
 
     send(toaddrs, subject, body=body, from_email=fromaddr, do_async=True, replyto=replyto)
-
-