1

I am trying to create an application in which users are locked out from logging in due to too many failed login attempts.

To this end, if there are 5 failed logins within 5 minutes, a Lockout object is created, and the user is deactivated (is_active=False).

However, when this Lockout object is deleted, the user should be immediately made active again (is_active=True).

To do this, I must override the delete() function for the Lockout model so as to activate the user upon deletion. This code, which I think follows documentation, isn't working:

def delete(self):
        self.user.is_active = True
        self.user.save()
        super(Lockout, self).delete()

I was wondering if this was the proper way to do this?

Thanks a lot.

Improve this question
0

1 Answer 1

Reset to default
3

That's the correct way to do it. The problem you're having is that you're trying to delete via a QuerySet, which does not invoke the model methods. You will need to .filter(), then iterate through it calling .delete() on each model.

But it would probably be easier to create a new auth backend that checked for a lockout instead of going through these acrobatics.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you! That makes sense; deleting through the admin interface does not invoke my custom delete() function in models.py.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.