Ken Cochrane kencochrane Maine http://KenCochrane.net Software developer living in southern Maine.

jazzband/django-defender 379

A simple super fast django reusable app that blocks people from brute forcing login attempts

kencochrane/django-docker 192

Demo Django App using Docker

kencochrane/django-intercom 42

Django application for integrating with intercom.io. See README.rst or view the docs at http://django-intercom.readthedocs.org

kencochrane/docker-digitalocean-ansible 30

Ansible script for creating the Docker image on DigitalOcean

kencochrane/bowie 16

ReStructuredText Editor for Mac OSX

kencochrane/django-cms-heroku 14

django cms project for Heroku

kencochrane/django-cms-openshift 8

django cms project for Red Hat's OpenShift PaaS

getsentry/sentry-pagerduty 3

Sentry plugin for integrating with PagerDuty

kencochrane/django-cms-stackato 3

django cms project for Stackato

kencochrane/boston-bombing-photos 2

Website to upload photos from the boston marathon bombing. We will then send them along to the FBI.

pull request comment jazzband/django-defender

Update for django 3.x

Thank you for the PR, I'm a little busy right now so I can't fully review until this weekend. But what I see so far LGTM.

deeprave

comment created time in 10 days

push event kencochrane/django-intercom

dependabot[bot]

commit sha bc53411a436e109e01b3174520cbe3a9cf2552a5

Bump django from 2.0.13 to 2.2.10 in /requirements (#38) Bumps [django](https://github.com/django/django) from 2.0.13 to 2.2.10. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/2.0.13...2.2.10) Signed-off-by: dependabot[bot] <support@github.com>

push time in 10 days

PR merged kencochrane/django-intercom

Bump django from 2.0.13 to 2.2.10 in /requirements dependencies

Bumps django from 2.0.13 to 2.2.10.

Commits:

  • b2c33a5 [2.2.x] Bumped version for 2.2.10 release.
  • c67a368 [2.2.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
  • 96d6443 [2.2.x] Fixed timezones tests for PyYAML 5.3+.
  • 813b33e [2.2.x] Added CVE-2019-19844 to the security archive.
  • e728612 [2.2.x] Post-release version bump.
  • c494d90 [2.2.x] Bumped version for 2.2.9 release.
  • 4d334be [2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset r...
  • 86befcc [2.2.x] Refs #31073 -- Added release notes for 02eff7ef60466da108b1a33f1e4dc0...
  • f33be1e [2.2.x] Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating a...
  • e8b0903 [2.2.x] Fixed #31006 -- Doc'd backslash escaping in date/time template filters.
  • Additional commits viewable in compare view

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 10 days

issue comment jazzband/django-defender

Support for Django 3.0

@deeprave Thank you for the heads up, I don't know of anyone else working on this issue, so if you can submit the PR when it is ready, that would be awesome. Let us know if you have any questions, or need any help.

deeprave

comment created time in 13 days

issue comment jazzband/django-defender

Support for other LOGIN_URLs

@muneeba-mughal I'm glad you figured it out. If you can give us an example of how you fixed it, we can add it to the docs. Even better, if you could submit a PR to add it to the docs that would be wonderful.

muneeba-mughal

comment created time in 13 days

started airbnb/dynein

started time in 24 days

issue comment jazzband/django-defender

Support for redis>=3

@simoncrowe it should work fine with Redis 3. If you tried it, and it didn't work, please let us know what happened so we can fix it.

simoncrowe

comment created time in 2 months

started sirupsen/logrus

started time in 2 months

issue comment jazzband/django-defender

Implement Jazzband guidelines for django-defender

@jezdez I’m not sure. I don’t work there anymore so it is hard to know. I’ll see if I can find out.

jazzband-bot

comment created time in 3 months

issue closed jazzband/django-defender

Implement Jazzband guidelines for django-defender

This issue tracks the implementation of the Jazzband guidelines for the project django-defender

It was initiated by @kencochrane who was automatically assigned in addition to the Jazzband roadies.

See the TODO list below for the generally required tasks, but feel free to update it in case the project requires it.

Feel free to ping a Jazzband roadie if you have any question.

TODOs

  • [x] Fix all links in the docs (and README file etc) from old to new repo

  • [x] Add the Jazzband badge to the README file

  • [x] Add the Jazzband contributing guideline to the CONTRIBUTING.md or CONTRIBUTING.rst file

  • [x] Check if continuous testing works (e.g. Travis CI, CircleCI, AppVeyor, etc)

  • [x] Check if test coverage services work (e.g. Coveralls, Codecov, etc)

  • [x] Add jazzband account to PyPI project as maintainer role (e.g. URL: https://pypi.org/manage/project/django-defender/collaboration/)

  • [x] Add jazzband-bot as maintainer to the Read the Docs project (e.g. URL: https://readthedocs.org/dashboard/django-defender/users/)

  • [x] Add incoming GitHub webhook integration to Read the Docs project (e.g. URL: https://readthedocs.org/dashboard/django-defender/integrations/)

  • [x] Fix project URL in GitHub project description

  • [x] Decide who is project lead for the project (if at all)

  • [x] Set up CI for Jazzband project releases if needed and open ticket if yes

  • [x] Review project if other services are used and port them to Jazzband

Project details

  • Description: A simple super fast django reusable app that blocks people from brute forcing login attempts
  • Homepage:
  • Stargazers: 353
  • Open issues: 9
  • Forks: 69
  • Default branch: master
  • Is a fork: False
  • Has Wiki: True
  • Has Pages: False

closed time in 3 months

jazzband-bot

issue comment jazzband/django-defender

Implement Jazzband guidelines for django-defender

Awesome, thank you @aleksihakli and @jezdez closing now.

jazzband-bot

comment created time in 3 months

issue comment jazzband/django-defender

Implement Jazzband guidelines for django-defender

OK, let me know if you need anything else from me, or if you have any questions. Thanks again!

jazzband-bot

comment created time in 3 months

issue comment jazzband/django-defender

Implement Jazzband guidelines for django-defender

@aleksihakli thanks for all of the help. Are there any outstanding tasks that are waiting for me or that I need to do at this point?

jazzband-bot

comment created time in 3 months

started TwilioDevEd/automated-survey-django

started time in 3 months

push event jazzband/django-defender

Aleksi Häkli

commit sha eb4f2ef94b0ba1c02f2dae714b86ccebe9b7cb2a

Initial documentation shims

push time in 3 months

PR merged jazzband/django-defender

Initial Read the Docs Sphinx shims

This adds the initial Sphinx shims so that Read the Docs can generate a documentation site.

Further setup is required for the actual content, this PR only aims to setup correct infrastructure for building the docs.

Fixes #139 Relates #138

+95 -0

0 comment

3 changed files

aleksihakli

pr closed time in 3 months

issue closed jazzband/django-defender

Read the Docs integration

As indicated in #121 and #138 a Read the Docs page and integration would be nice for the repository. Initial integration can be done with sphinx-quickstart.

@kencochrane is probably the best person for creating the initial Read the Docs page as the maintainer, and adding the Jazzband bot into the project, and after that we can set up the documentation pipeline and webhooks.

The project can be imported into RTD here (manual import probably works best):

https://readthedocs.org/dashboard/import/

The docs need a version tag that is tied to the repository as well as a Python version set up. It would probably be nice to set the documentation target up as Python 3, as the official Python 2.7 deprecation is coming up in just a month?

closed time in 3 months

aleksihakli

push event jazzband/django-defender

Aleksi Häkli

commit sha d27bd9511925d7c8555824177aec085ace40bc6e

Remove .landscape.yaml as service is defunct

push time in 3 months

push event jazzband/django-defender

Aleksi Häkli

commit sha ef3673cd4fce4d6da1adb4d081d35a4019ee8d12

Add Python 3.7, 3.8 and PyPy3 to test version matrix

Aleksi Häkli

commit sha 01dd2bc3548af086189f9927e00795888c896127

Wrap Celery version specifier in quotes

push time in 3 months

issue comment jazzband/django-defender

Implement Jazzband guidelines for django-defender

@aleksihakli yeah that sounds good, automating deployments would be great.

jazzband-bot

comment created time in 3 months

pull request comment jazzband/django-defender

Update README

merging since the checks that failed are unrelated to the README file changes.

aleksihakli

comment created time in 3 months

push event jazzband/django-defender

Aleksi Häkli

commit sha d6e905706b8ef77e5cff9998e5045221a02c52d3

Update README - Remove non-functional Landscape.io badge (site is unreachable) - Add Jazzband badge - Update title styling - Update code examples for Django version compatibility

Aleksi Häkli

commit sha cafa92860e6134a5f24db555a70cd4a0a503d89d

Remove deprecated empty first URL

push time in 3 months

PR merged jazzband/django-defender

Update README
  • Remove non-functional Landscape.io badge (site is unreachable)
  • Add Jazzband badge
  • Update title styling
  • Update code examples for Django version compatibility
+54 -36

0 comment

1 changed file

aleksihakli

pr closed time in 3 months

issue comment jazzband/django-defender

Read the Docs integration

Thank you @aleksihakli and @jezdez

aleksihakli

comment created time in 3 months

push event jazzband/django-defender

Aleksi Häkli

commit sha f439b7b647339aef55ad5869450a29a721e01d60

Create CONTRIBUTING guidelines

push time in 4 months

push event jazzband/django-defender

Aleksi Häkli

commit sha da7aa9d41b5f1b10f75745d36b7da8a86403d9a0

Update README links

push time in 4 months

push event jazzband/django-defender

Ken Cochrane

commit sha e7f7cba6c53381962640c7de116fccb5e1e2726c

Create .fussyfox.yml Added the `.fussyfox.yml` file

push time in 4 months

issue closed jazzband-roadies/help

Proposal: django-defender

Hello, @aleksihakli has suggested that I move https://github.com/kencochrane/django-defender/ over to Jazzband, and this issue is to discuss if you are interested in accepting the project.

This discussion originated here: https://github.com/kencochrane/django-defender/issues/121

I looked over the guidelines and they look good, and the project has most of the requirements already and only needs a few changes before it can be moved over.

  • Move docs from README to sphinx docs and setup ReadTheDocs integration
  • Add a contributors file to the repo.

If you decide to accept django-defender then we can look at making the required changes.

Let me know if you have any questions.

closed time in 4 months

kencochrane

issue comment jazzband-roadies/help

Proposal: django-defender

I transferred over the repo, I'll close this issue since it is complete, and we can work off the new issue that was auto-created in the defender repo.

kencochrane

comment created time in 4 months

issue comment jazzband/django-defender

Duplicate project functionality between django-axes and django-defender

@jezdez Thank you, and I understand about being super busy, so no worries there. I just transferred the repo over to jazzband, so step 1 is done. A few more to go :)

aleksihakli

comment created time in 4 months

issue comment jazzband-roadies/help

Proposal: django-defender

@jezdez thank you!

kencochrane

comment created time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

@aleksihakli I haven't seen any progress on the issue I created on the jazzband-roadies repo. Is it normal that no news is good news, or should there be a formal acceptance before I move forward?

It looks like a few things that we need to do before we can move are create some sphinx docs, setup read the docs integration and then add a contributors file. If you can help with any of those, that would be great.

aleksihakli

comment created time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

@aleksihakli thanks, I submitted the issue, let's see what they say.

aleksihakli

comment created time in 4 months

issue opened jazzband-roadies/help

Proposal: django-defender

created time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

@aleksihakli sounds good, do you want to create the ticket on the jazzband help, or should I?

aleksihakli

comment created time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

@aleksihakli and @jezdez Thanks for the info, I reviewed the guidelines and I think we are a good fit. The only thing that we don't have right now is a CONTRIBUTING.md file which we will have to create and add. Our docs right now are just a big README file, if we need to make that more formal, that would require a little bit of work. The release process seems fine as well.

At this point would I need to fix the outstanding issues now before we transfer, or after the transfer is complete? Should we create a ticket to discuss this before we move forward with a transfer?

aleksihakli

comment created time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

OK, I have joined the jazzband github org, should I transfer the project now, or wait?

aleksihakli

comment created time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

Sorry for the delay, work has been busy. I'm OK with moving it over to jazzband. I guess we just need to go over what we need to do. I'm guessing step one would be to move the project in github, and then we can go from there?

aleksihakli

comment created time in 4 months

started nicolaka/netshoot

started time in 4 months

issue comment kencochrane/django-defender

Duplicate project functionality between django-axes and django-defender

To be honest I'm not sure. What do others think? Would that mean we shut down defender and tell people to move to axes?

aleksihakli

comment created time in 4 months

issue comment kencochrane/django-defender

get remaining time for back to login page in DEFENDER_LOCKOUT_TEMPLATE ???

You would need to use the TTL command on Redis to get the Time left for the block for the given Redis key. Either IP or username.

Then you need to add the value to the template context here: https://github.com/kencochrane/django-defender/blob/ce95906488676a44cebd34262426a21303d5dead/defender/utils.py#L293

Which is called in this method here: https://github.com/kencochrane/django-defender/blob/2251c298a9904ad13d69b711ef939dd6b54f84b1/defender/decorators.py#L22 and here https://github.com/kencochrane/django-defender/blob/2251c298a9904ad13d69b711ef939dd6b54f84b1/defender/decorators.py#L52

Currently utils.lockout_response doesn't take that parameter, so you would need an update so that it passes in the time left parameter.

To keep things simple you could change is_already_locked to return if it is already locked and if so the TTL for the item.

One thing to consider is that someone can be blocked by the IP or the username, so you would need to return the one that has the highest value because they won't be allowed through until both of them are no longer blocking.

kavehcs

comment created time in 5 months

delete branch kencochrane/django-defender

delete branch : mock_redis

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : update_0.4.3

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : remove_admin_filter

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : version_0.4.1

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : update_travis_settings

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : add_ip_blocking_feature

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : bump-django-1.8

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : add_management_command

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : 32_fix

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : add_celery

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : cleanuo

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : new-admin

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : bug-fix-josh

delete time in 5 months

delete branch kencochrane/django-defender

delete branch : empty_username_fix

delete time in 5 months

issue closed kencochrane/django-defender

username_block_signal send multiple times

When blocking a user a signal is sent in defender/utils.py:block_username https://github.com/kencochrane/django-defender/blob/master/defender/utils.py#L197

However, this happens on every call of defender/utils.py:record_failed_attemp in https://github.com/kencochrane/django-defender/blob/master/defender/utils.py#L218 even though the user was already blocked before.

For instance, I want to send an email informing the user (if present) that she was blocked and this results in an email for each blocked login.

Is this on purpose?

closed time in 5 months

horida

issue comment kencochrane/django-defender

username_block_signal send multiple times

completed with #137 thanks @horida and @williamboman

horida

comment created time in 5 months

push event kencochrane/django-defender

horida

commit sha ce95906488676a44cebd34262426a21303d5dead

send user/ip blocked signal only once

push time in 5 months

PR merged kencochrane/django-defender

send user/ip blocked signal only once

Only send the username/IP blocked signal if the user/IP is actually blocked.

This way, sending the signal multiple times is avoided. The block is set anyway to avoid race conditions. There is still a slight chance the signal is sent twice, but that should be OK.

+34 -2

2 comments

2 changed files

horida

pr closed time in 5 months

push event kencochrane/biddefordpainting.com

Ken Cochrane

commit sha 0be09efbb69af4668cd5bd0bd1610ec2c3355ad4

Added Birdeye embed Added birdeye embed snippet to the home page.

push time in 5 months

issue comment kencochrane/django-defender

get remaining time for back to login page in DEFENDER_LOCKOUT_TEMPLATE ???

Are you asking how to get the value, or if it is available? I don't think it is currently available, there would need to be a code change to expose that.

kavehcs

comment created time in 5 months

push event kencochrane/django-defender

horida

commit sha fcfa88d67905a9534a143f5ebeab35148593e534

Add unblock signals

push time in 5 months

PR merged kencochrane/django-defender

Add unblock signals

Add signals sent when a username or an IP is unblocked.

+40 -2

2 comments

3 changed files

horida

pr closed time in 5 months

issue comment kencochrane/django-defender

username_block_signal send multiple times

@horida good question, I would suspect that we only need it the first time, but I'm not sure if there is a use case where someone wants to know every time.

@williamboman wrote that functionality, so let's ask them. @williamboman do you see any issue if we only send the blocking signal when it is blocked and not after every invalid login?

Maybe we need to have a different signal for invalid login that happens every time, and then only trigger the blocked username/ip when it is blocked.

Open to ideas/suggestions.

horida

comment created time in 5 months

pull request comment kencochrane/django-defender

Add unblock signals

LGTM, thank you.

horida

comment created time in 5 months
