Password Lock after Multiple Login Attempts for Django + simplejwt


I'm building a Django app and implemented a login function with Django REST framework simplejwt.
Now I'm trying to add a function to lock out users after multiple wrong login attempts.

Many people suggest django-axes package, but it only works with Django's default authentication backend, not with simplejwt's views.

Are there any existing Python packages that help with this? Otherwise, how do you implement such a function with simplejwt?

Archivec On

I could imagine a vanilla solution by adding is_locked and login_counter fields for the user model and updating them as per your logic in the login views. For example, [login-failed -> counter += 1 -> (counter>3) then is_locked=true]. Then perhaps something like [changed password -> counter = 0 and is_locked = False]. This is nothing robust and syncing/simultaneous requests could be a problem, but maybe a starting point. There are methods provided by Django to lock the instance until the transaction is done, such as select_for_update, so you can look at that as well.
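
The counter-and-lock logic described in the answer above, as an added example that is not part of the original answer and is not Django or simplejwt code: stdlib `sqlite3` stands in for the user model, and `BEGIN IMMEDIATE` for the row lock that `select_for_update` would take. The function names, the `users` table and the reset-on-success rule are assumptions made for the illustration; in a project, `record_attempt` would be called from the login view.

```python
import sqlite3
from concurrent.futures import ThreadPoolExecutor

MAX_FAILURES = 3  # the answer's rule: lock once the counter exceeds 3

def connect(path):  # explicit BEGIN/COMMIT; wait up to 10 s for a lock
    return sqlite3.connect(path, timeout=10, isolation_level=None)

def init_db(path, username):
    conn = connect(path)
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
                 "login_counter INTEGER DEFAULT 0, is_locked INTEGER DEFAULT 0)")
    conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
    conn.close()

def record_attempt(path, username, password_ok):
    """Apply one login attempt; returns 'ok', 'failed' or 'locked'."""
    conn = connect(path)
    try:
        conn.execute("BEGIN IMMEDIATE")  # write lock before the read, like select_for_update
        row = conn.execute("SELECT login_counter, is_locked FROM users "
                           "WHERE username = ?", (username,)).fetchone()
        if row is None:
            return "failed"  # unknown user looks like a bad password
        counter, locked = row
        if locked:
            result = "locked"  # a correct password does not unlock
        elif password_ok:
            counter, result = 0, "ok"  # assumption: success clears the counter
        else:
            counter += 1
            locked = counter > MAX_FAILURES
            result = "locked" if locked else "failed"
        conn.execute("UPDATE users SET login_counter = ?, is_locked = ? "
                     "WHERE username = ?", (counter, int(locked), username))
        conn.execute("COMMIT")
        return result
    finally:
        conn.close()  # closing mid-transaction rolls it back

def password_changed(path, username):  # the answer's reset rule
    conn = connect(path)
    conn.execute("UPDATE users SET login_counter = 0, is_locked = 0 "
                 "WHERE username = ?", (username,))
    conn.close()

def burst(path, username, n):  # n simultaneous wrong-password attempts
    with ThreadPoolExecutor(max_workers=n) as pool:
        return list(pool.map(lambda _: record_attempt(path, username, False), range(n)))
```

Because every attempt takes the write lock before reading the counter, simultaneous failures cannot overwrite each other's increments, which is the simultaneous-requests problem the answer mentions.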