最近接到一个需求说的是后台登陆5分钟限制3次错误登陆下面是具体步骤
1.更改项目原本的admin路由
urls.py所做修改:
from .views import admin_site
urlpatterns = [
#url(r'^admin/', admin.site.urls)
url(r'^admin/', admin_site.urls),
]
2.重写逻辑
views所作修改:
from django.contrib.admin import AdminSite
from django.contrib.admin.forms import AdminAuthenticationForm
class CustomAdminAuthenticationForm(AdminAuthenticationForm):
if self.request.POST.get("login_frequently", ""):
raise forms.ValidationError(
_(u"登陆过于频繁,请稍后再尝试登陆."),
code='login_frequently',
)
return super(CustomAdminAuthenticationForm,self).clean()
class CustomAdminSite(AdminSite):
login_form = CustomAdminAuthenticationForm
def login(self, request, extra_context=None):
if request.method == "POST":
request.POST._mutable = True #这个的作用是可以修改post里面的内容
password = request.POST.get("password","")
username = request.POST.get("username","")
ip = request.META.get('REMOTE_ADDR')
failed_attempts_key = 'failed_attempts_{0}'.format(ip)
max_failed_attempts = 3
visit_count = cache.get(failed_attempts_key)
if visit_count >= max_failed_attempts:
# 用户已经超过最大失败次数,显示错误消息
request.POST["login_frequently"] = True
#我这个为了方便传递错误消息给login_form
#这里可以自己自定义抛出错误
if not authenticate(request, username=username, password=md5password):
cache.get(failed_attempts_key) = visit_count + 1
else:
pass
return super(CustomAdminSite,self).login(request,extra_context)
最后需要做个修改 重写admin后之前默认注册的模型不会 经过重写的路由所以会出现模型访问错误
admin_site = CustomAdminSite(name='customadmin')
for model, admin_instance in admin.site._registry.items():
admin_site.register(model, type(admin_instance))