Some UI for brute force protection

sal/system_settings.py

@@ -151,7 +151,7 @@
     # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )
 
-LOGIN_URL='/login/'
+LOGIN_URL='/login'
 LOGIN_REDIRECT_URL='/'
 
 ROOT_URLCONF = 'sal.urls'

sal/urls.py

@@ -8,8 +8,8 @@
 
 urlpatterns = patterns('',
     # Examples:
-    url(r'^login$', 'django.contrib.auth.views.login'),
     url(r'^login/$', 'django.contrib.auth.views.login'),
+    url(r'^login$', 'django.contrib.auth.views.login'),
     url(r'^logout/$', 'django.contrib.auth.views.logout_then_login'),
     url(r'^changepassword/$', 'django.contrib.auth.views.password_change', name='password_change'),
     url(r'^changepassword/done/$', 'django.contrib.auth.views.password_change_done', name='password_change_done'),

server/templates/server/brute_unlock.html

@@ -0,0 +1,24 @@
+{% extends "base.html" %}
+{% load i18n %}
+{% load dashboard_extras %}
+
+{% block nav %}
+
+{% endblock %}
+
+{% block script %}
+
+
+{% endblock %}
+
+
+{% block content %}
+
+<div class="row">
+    <div class="col-md-10">
+        <div class="alert alert-success">Brute force protetion has been unlocked for all IPs.</div>
+    </div>
+</div>
+
+    <div class="col-md-10"><a href="{% url 'manage_users' %}" class="btn btn-primary btn-lg">Back to Users</a></div>
+{% endblock %}

server/templates/server/manage_users.html

@@ -19,6 +19,9 @@
 {% block nav %}
         <li><a href="{% url 'settings_page' %}"><i class="fa-chevron-left fa fa-fw"></i> Back</a></li>
         <li><a href="{% url 'new_user' %}"><i class="fa-plus fa fa-fw"></i>  User</i></a></li>
+        {% if brute_protect %}
+        <li><a href="{% url 'brute_unlock' %}"><i class="fa-unlock fa fa-fw"></i>  Unlock Brute Force Protection</i></a></li>
+        {% endif %}
 
 {% endblock %}
 

server/urls.py

@@ -58,6 +58,8 @@
 
     # Delete User Staff
     url(r'^settings/users/delete/(?P<user_id>.+)/', 'delete_user', name='delete_user'),
+    # unlock user
+    url(r'^settings/users/unlock/', 'brute_unlock', name='brute_unlock'),
     # Manage Users
     url(r'^settings/users/', 'manage_users', name='manage_users'),
 

server/views.py

@@ -24,6 +24,11 @@
 import pytz
 import watson
 import unicodecsv as csv
+# This will only work if BRUTE_PROTECT == True
+try:
+    import axes.utils
+except:
+    pass
 
 if settings.DEBUG:
     import logging
@@ -144,13 +149,38 @@ def manage_users(request):
     if user_level != 'GA':
         return redirect(index)
 
+    try:
+        brute_protect = settings.BRUTE_PROTECT
+    except:
+        brute_protect = False
     # We require you to be staff to manage users
     if user.is_staff != True:
         return redirect(index)
     users = User.objects.all()
-    c = {'user':request.user, 'users':users, 'request':request}
+    c = {'user':request.user, 'users':users, 'request':request, 'brute_protect':brute_protect}
     return render_to_response('server/manage_users.html', c, context_instance=RequestContext(request))
 
+# Unlock account
+@login_required
+def brute_unlock(request):
+    user = request.user
+    user_level = user.userprofile.level
+    if user_level != 'GA':
+        return redirect(index)
+
+    try:
+        brute_protect = settings.BRUTE_PROTECT
+    except:
+        brute_protect = False
+    if brute_protect == False:
+        return redirect(index)
+    # We require you to be staff to manage users
+    if user.is_staff != True:
+        return redirect(index)
+    axes.utils.reset()
+    c = {'user':request.user, 'request':request, 'brute_protect':brute_protect}
+    return render_to_response('server/brute_unlock.html', c, context_instance=RequestContext(request))
+
 # New User
 @login_required
 def new_user(request):