Django-axes Errors: ‘Settings’ object has no attribute . .

I’ve run into a lot of attribute errors when using django-axes. Whenever I fix one of them by setting the default attributes, more start showing up. I followed the documentation for installation. Here is my code…

settings.py

"""
Django settings for ChatTest project.

Generated by 'django-admin startproject' using Django 3.1.1.

For more information on this file, see
https://docs.djangoproject.com/en/3.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.1/ref/settings/
"""

from pathlib import Path
import os
import django

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
if('SECRET_KEY' in os.environ):
    SECRET_KEY = os.environ["SECRET_KEY"]
if('SECRET_KEY' not in os.environ):
    SECRET_KEY = 'o1(-!s0um*rj47xv8vk@)pdq3)2c1o-et!v!rnqq3p4m(9592k'               #Secret key I use for local development 

DEBUG = True

ALLOWED_HOSTS = ['.railway.app','localhost', '127.0.0.1']

# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'channels',
    'Chat.apps.ChatConfig',
    'django_cleanup.apps.CleanupConfig',
    'axes',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'axes.middleware.AxesMiddleware',
]
X_FRAME_OPTIONS = 'DENY'

ROOT_URLCONF = 'ChatTest.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'ChatTest.wsgi.application'
ASGI_APPLICATION = 'ChatTest.routing.application'


# Database
# https://docs.djangoproject.com/en/3.1/ref/settings/#databases

if('PGDATABASE' in os.environ):
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql_psycopg2',
            'NAME': os.environ["PGDATABASE"],
            'USER': os.environ["PGUSER"],
            'PASSWORD': os.environ["PGPASSWORD"],
            'HOST': os.environ["PGHOST"],
            'PORT': os.environ["PGPORT"],
        }
    }
if('PGDATABASE' not in os.environ):
    DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}


# Password validation
# https://docs.djangoproject.com/en/3.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

AUTH_USER_MODEL = 'Chat.Account'


# Internationalization
# https://docs.djangoproject.com/en/3.1/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'Europe/Prague'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.1/howto/static-files/

STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
STATICFILES_DIR = [os.path.join(BASE_DIR, 'static')]

MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
MEDIA_URL = '/media/'

if('REDIS_URL' in os.environ):
    CHANNEL_LAYERS = {
        "default": {
            "BACKEND": "channels_redis.core.RedisChannelLayer",
            "CONFIG": {
                "hosts": [os.environ.get('REDIS_URL')],
            },
        },
    }
    CACHES = {
        "default": {
            "BACKEND": "django_redis.cache.RedisCache",
            "LOCATION": [os.environ.get('REDIS_URL')],
            "OPTIONS": {
                "CLIENT_CLASS": "django_redis.client.DefaultClient"
            }
        }
    }
if('REDIS_URL' not in os.environ):
    CHANNEL_LAYERS = {
    "default": {
        "BACKEND": "channels.layers.InMemoryChannelLayer"
    }
}

AUTHENTICATION_BACKENDS = [
    # AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.
    'axes.backends.AxesBackend',

    # Django ModelBackend is the default authentication backend.
    'django.contrib.auth.backends.ModelBackend',
]


SION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
CSRF_USE_SESSIONS = False  # Default: False - Store CSRF token in Session as opposed to in cookie
CSRF_COOKIE_HTTPONLY = False 

SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True

AXES_ENABLED = True 
AXES_FAILURE_LIMIT = 3  
AXES_LOCK_OUT_AT_FAILURE = True
AXES_COOLOFF_TIME = 0.1         # in hours   - now set to 6 mins

AXES_LOCKOUT_CALLABLE = "Chat.views.lockout"

AXES_USERNAME_FORM_FIELD = "username"
AXES_USERNAME_CALLABLE = None
AXES_PROXY_ORDER = "left-most"
AXES_PROXY_COUNT = None
AXES_PROXY_TRUSTED_IPS = None
AXES_ONLY_WHITELIST = False
AXES_WHITELIST_CALLABLE = None
AXES_LOCK_OUT_BY_USER_OR_IP = False

AXES_META_PRECEDENCE_ORDER = [
    'HTTP_X_FORWARDED_FOR',
    'REMOTE_ADDR',
]

django.setup()

JavaScript
​x
 
"""
Django settings for ChatTest project.
​
Generated by 'django-admin startproject' using Django 3.1.1.
​
For more information on this file, see
https://docs.djangoproject.com/en/3.1/topics/settings/
​
For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.1/ref/settings/
"""
​
from pathlib import Path
import os
import django
​
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
​
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/
​
# SECURITY WARNING: keep the secret key used in production secret!
if('SECRET_KEY' in os.environ):
    SECRET_KEY = os.environ["SECRET_KEY"]
if('SECRET_KEY' not in os.environ):
    SECRET_KEY = 'o1(-!s0um*rj47xv8vk@)pdq3)2c1o-et!v!rnqq3p4m(9592k'               #Secret key I use for local development 
​
DEBUG = True
​
ALLOWED_HOSTS = ['.railway.app','localhost', '127.0.0.1']
​
# Application definition
​
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'channels',
    'Chat.apps.ChatConfig',
    'django_cleanup.apps.CleanupConfig',
    'axes',
]
​
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'axes.middleware.AxesMiddleware',
]
X_FRAME_OPTIONS = 'DENY'
​
ROOT_URLCONF = 'ChatTest.urls'
​
TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]
​
WSGI_APPLICATION = 'ChatTest.wsgi.application'
ASGI_APPLICATION = 'ChatTest.routing.application'
​
​
# Database
# https://docs.djangoproject.com/en/3.1/ref/settings/#databases
​
if('PGDATABASE' in os.environ):
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql_psycopg2',
            'NAME': os.environ["PGDATABASE"],
            'USER': os.environ["PGUSER"],
            'PASSWORD': os.environ["PGPASSWORD"],
            'HOST': os.environ["PGHOST"],
            'PORT': os.environ["PGPORT"],
        }
    }
if('PGDATABASE' not in os.environ):
    DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}
​
​
# Password validation
# https://docs.djangoproject.com/en/3.1/ref/settings/#auth-password-validators
​
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]
​
AUTH_USER_MODEL = 'Chat.Account'
​
​
# Internationalization
# https://docs.djangoproject.com/en/3.1/topics/i18n/
​
LANGUAGE_CODE = 'en-us'
​
TIME_ZONE = 'Europe/Prague'
​
USE_I18N = True
​
USE_L10N = True
​
USE_TZ = True
​
​
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.1/howto/static-files/
​
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
STATICFILES_DIR = [os.path.join(BASE_DIR, 'static')]
​
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
MEDIA_URL = '/media/'
​
if('REDIS_URL' in os.environ):
    CHANNEL_LAYERS = {
        "default": {
            "BACKEND": "channels_redis.core.RedisChannelLayer",
            "CONFIG": {
                "hosts": [os.environ.get('REDIS_URL')],
            },
        },
    }
    CACHES = {
        "default": {
            "BACKEND": "django_redis.cache.RedisCache",
            "LOCATION": [os.environ.get('REDIS_URL')],
            "OPTIONS": {
                "CLIENT_CLASS": "django_redis.client.DefaultClient"
            }
        }
    }
if('REDIS_URL' not in os.environ):
    CHANNEL_LAYERS = {
    "default": {
        "BACKEND": "channels.layers.InMemoryChannelLayer"
    }
}
​
AUTHENTICATION_BACKENDS = [
    # AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.
    'axes.backends.AxesBackend',
​
    # Django ModelBackend is the default authentication backend.
    'django.contrib.auth.backends.ModelBackend',
]
​
​
SION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
CSRF_USE_SESSIONS = False  # Default: False - Store CSRF token in Session as opposed to in cookie
CSRF_COOKIE_HTTPONLY = False 
​
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
​
AXES_ENABLED = True 
AXES_FAILURE_LIMIT = 3  
AXES_LOCK_OUT_AT_FAILURE = True
AXES_COOLOFF_TIME = 0.1         # in hours   - now set to 6 mins
​
AXES_LOCKOUT_CALLABLE = "Chat.views.lockout"
​
AXES_USERNAME_FORM_FIELD = "username"
AXES_USERNAME_CALLABLE = None
AXES_PROXY_ORDER = "left-most"
AXES_PROXY_COUNT = None
AXES_PROXY_TRUSTED_IPS = None
AXES_ONLY_WHITELIST = False
AXES_WHITELIST_CALLABLE = None
AXES_LOCK_OUT_BY_USER_OR_IP = False
​
AXES_META_PRECEDENCE_ORDER = [
    'HTTP_X_FORWARDED_FOR',
    'REMOTE_ADDR',
]
​
django.setup()
​

At the bottom I tried to set some of the default attributes that were causing errors. Right now, the code above results in a 'Settings' object has no attribute 'AXES_HANDLER' error.

In views.py when authenticating the user I have set request=request as the documentation said. I’ve also added a lockout function:

def lockout(request, credentials, *args, **kwargs):
    messages.error(request, "Account locked. Try again in 6 minutes")
    return redirect('index')

JavaScript
 
def lockout(request, credentials, *args, **kwargs):
    messages.error(request, "Account locked. Try again in 6 minutes")
    return redirect('index')
​

Note: I am also using a custom user model so users can log in with their email. I tested it on a different project with django-axes and everything was working well. So I don’t think that’s the issue here.

Question: How do I fix this? Is there anything I need to install or configure differently?

Answer

Currently I am also using django-axes for custom views.py login page. What I did was to include decorator @axes_dispatch on my login function. For Settings.py, ensure that AXES_USERNAME_FORM_FIELD is configured to your user credential field. For mine, im using ’email’. So its should be changed to AXES_USERNAME_FORM_FIELD='email'.

from axes.decorators import axes_dispatch

views.py

@axes_dispatch
def user_login(request):
...

settings.py
AXES_USERNAME_FORM_FIELD='email'

JavaScript
 
from axes.decorators import axes_dispatch
​
views.py
​
@axes_dispatch
def user_login(request):
...
​
settings.py
AXES_USERNAME_FORM_FIELD='email'
​
​

Advertisement

Answer