Accounts

Admin

class maykin_common.accounts.admin.PreventPrivilegeEscalationMixin

Wire up the protections to prevent users from giving themselves more permissions.

By default, a Django user who has the user change permissions in the admin can change their own user account, granting themselves additional permissions or even making themselves superuser. They can also add new users with more permissions than they have themselves, or change the password of more-privileged accounts to gain access that way.

This mixin prevents such mechanisms.

Example usage, in your admin.py for your (custom) user model:

from django.contrib import admin
from django.contrib.auth.admin import UserAdmin as _UserAdmin
from django.contrib.auth.models import User

from maykin_common.accounts.admin import PreventPrivilegeEscalationMixin

# Unregister old admin
admin.site.unregister(User)


@admin.register(User)
class CustomUserAdmin(PreventPrivilegeEscalationMixin, _UserAdmin):
    pass

Views

class maykin_common.accounts.views.PasswordResetView(*args: Any, **kwargs: Any)

throttle_methods = ('get',)

throttle_name = 'password-reset'

Identifier for the throttle, used in the cache key.

throttle_period = 60

Period/time window (in seconds) in which the visits are counted.

Visits older than this window are discarded.

throttle_visits = 5

Number of allowed visits in the specified period.
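
How the four throttle settings above interact, as an added example that is not maykin_common's own code: a Django-free model of a sliding-window visit counter using the documented values. The per-client key layout, the in-memory store, the exclusive window boundary and the choice not to record denied visits are assumptions made for illustration.

```python
import time
from collections import defaultdict

# Values documented for PasswordResetView on this page.
THROTTLE_METHODS = ("get",)
THROTTLE_NAME = "password-reset"
THROTTLE_PERIOD = 60  # seconds
THROTTLE_VISITS = 5

class VisitThrottle:
    """Sliding-window visit counter (illustrative model, not maykin_common code)."""

    def __init__(self, name, period, visits, methods, clock=time.monotonic):
        self.name, self.period, self.visits = name, period, visits
        self.methods = {m.lower() for m in methods}
        self.clock = clock
        self._store = defaultdict(list)  # stand-in for the cache backend

    def cache_key(self, client_id):
        # Assumed key layout; the page only says the name is part of the key.
        return f"throttle:{self.name}:{client_id}"

    def allow(self, method, client_id):
        if method.lower() not in self.methods:
            return True  # methods outside throttle_methods are never counted
        now, key = self.clock(), self.cache_key(client_id)
        # Visits older than the window are discarded before counting.
        recent = [t for t in self._store[key] if now - t < self.period]
        allowed = len(recent) < self.visits
        if allowed:
            recent.append(now)  # assumption: only allowed visits are recorded
        self._store[key] = recent
        return allowed

def simulate(requests):
    """Replay (second, method, client) tuples and return allow/deny per request."""
    now = [0.0]
    throttle = VisitThrottle(THROTTLE_NAME, THROTTLE_PERIOD, THROTTLE_VISITS,
                             THROTTLE_METHODS, clock=lambda: now[0])
    results = []
    for second, method, client in requests:
        now[0] = second
        results.append(throttle.allow(method, client))
    return results

# Constructed traffic: one client bursting, a second client, and a POST.
SAMPLE = ([(s, "GET", "203.0.113.7") for s in (0, 1, 2, 3, 4, 5, 59, 60)]
          + [(61, "GET", "198.51.100.9"), (62, "POST", "203.0.113.7")])
```

Replaying `SAMPLE` through `simulate` shows the sixth and seventh GET from the first client denied, the one at second 60 allowed again once the visit at second 0 has aged out, and the other client and the POST unaffected.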