Allow to use django-axes to prevent brute force attacks on API (!2231) · Merge requests · castellum / castellum

Bengfort requested to merge api-axes into main Jan 24, 2022

Our docker image comes with django-axes to prevent brute force attacks on login. TO achive that, it listens to the user_login_failed signal.

Since our API views use tokens for authentication instead of login they were not covered. I fixed that by sending the user_login_failed signal from APIAuthMixin.

Allow to use django-axes to prevent brute force attacks on API

Merge request reports