From 063d2342f93747cfae2918637d951af8b67256d1 Mon Sep 17 00:00:00 2001
From: Tamas Szabo
Date: Fri, 11 Aug 2017 16:43:57 +0300
Subject: [PATCH] Exception is raised when LOGIN_FAILURE_LIMIT is reached for user that doesn't exit
Fixes #25
---
useraudit/backend.py | 6 +++---
useraudit_testapp/tests.py | 10 +++++++++-
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/useraudit/backend.py b/useraudit/backend.py
index aee1140..699dcbf 100644
--- a/useraudit/backend.py
+++ b/useraudit/backend.py
@@ -38,15 +38,15 @@ def authenticate(self, **credentials): UserModel = get_user_model() self.username = credentials.get(UserModel.USERNAME_FIELD) self.login_logger.log_failed_login(self.username, get_request()) - self.login_attempt_logger.increment(self.username) - self.block_user_if_needed() + if self._get_user() is not None: + self.login_attempt_logger.increment(self.username) + self.block_user_if_needed() return None def block_user_if_needed(self): if not self.is_login_failure_limit_enabled(): return - logger.debug("Login failure limit is enabled") if self.is_attempts_exceeded(): self._deactivate_user() user = self._get_user()
diff --git a/useraudit_testapp/tests.py b/useraudit_testapp/tests.py
index cb27c58..901a39a 100644
--- a/useraudit_testapp/tests.py
+++ b/useraudit_testapp/tests.py
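Review bot: The guard added in `authenticate` means failed attempts for a username with no account are no longer counted, and nothing in the code says this is intended; such attempts are still passed to `log_failed_login`, so that log becomes the only record of guessing against unknown names. A comment above the guard would make the decision explicit, e.g. `# Unknown usernames are logged above but not counted: there is no account to deactivate.` The guard calls `self._get_user()` and `block_user_if_needed` calls it again (`user = self._get_user()`), so the lookup runs at least twice per failed login for an existing user; fetching the user once and reusing it would also remove the window in which the account could disappear between the two calls. `block_user_if_needed` continues past the end of the hunk, so how `user` is used there is not visible.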
@@ -409,12 +409,20 @@ def test_user_deactivation_saved_when_login_failure_limit_reached(self): self.assertIsNotNone(ud) self.assertEquals(ud.reason, UserDeactivation.TOO_MANY_FAILED_LOGINS) + def test_user_deactivation_NOT_saved_when_login_failure_limit_reached_but_username_does_NOT_exist(self): + username = 'doesnotexit' + _ = authenticate(username=username, password="INCORRECT") + _ = authenticate(username=username, password="INCORRECT") + u = authenticate(username=username, password=self.password) + uds = UserDeactivation.objects.filter(username=username).count() + self.assertIsNone(u) + self.assertEquals(uds, 0) + def test_failure_counter_reset_when_reactivated(self): _ = authenticate(username=self.username, password="INCORRECT") _ = authenticate(username=self.username, password="INCORRECT") _ = authenticate(username=self.username, password="INCORRECT") # User is inactive now - # Reactivate user self.user.is_active = True self.user.save()
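Review bot: The new test asserts only that `authenticate` returns None and that no `UserDeactivation` row exists; it does not check that the failure counter stays untouched for the unknown username or that the failed attempt is still logged, which are the two behaviours the backend change affects. The failure limit it relies on is configured outside the hunk, so a docstring should state the precondition, e.g. `"""Repeated failures for an unknown username must not raise or record a deactivation (needs the login failure limit enabled)."""`. `assertEquals` is a deprecated alias of `assertEqual`; the surrounding tests use it too, so changing it here is optional but worth doing file-wide.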