Django login with django-axes

I created a site with django. Users should be able to login. The login-view looks like this:

from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
....
if request.method == 'POST':       
        username = request.POST['username']#get username
        password = request.POST['txtPwd']# and password 
        user = authenticate(username=username, password=password) #checking username and pwd
        if user is not None:
            if user.is_active:
                login(request, user)

But with this “solution” i can’t handle an brute force attack. So I looked around and found this:
Throttling brute force login attacks in Django

The first answer was helpful. I choosed django-axes because django-ratelimit count only the amout of calling a view.

But here is my problem: When i try to login with wrong password it doesn’t count the failure. (Only at the /admin-section).

I found no option to “add” my login-view to django-axes.

So here is my question:

How can I configure django-axes to handle the failed logins from my login-view?

EDIT:
Here is my settings-file:

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'axes',
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'axes.middleware.FailedLoginMiddleware'
)

...

AXES_LOCK_OUT_AT_FAILURE = False
AXES_USE_USER_AGENT = True
AXES_COOLOFF_TIME = 1
AXES_LOGIN_FAILURE_LIMIT = 50

Best answer

By default django-axes used django’s login view (django.contrib.auth.views.login). In middleware this view decorate with watch_login.

So you can solve your issue in two ways:

  • use standart login view. In this way django-axis does not require additional setup.
  • decorate your’s login view with watch_login decorator.

For example:

views.py

from axes.decorators import watch_login
...

@watch_login
def your_custom_login_view(request):
    ...