From 107165c4b04f4e5a830a60b6c66b2e5d8fb1d242 Mon Sep 17 00:00:00 2001 From: Alexander Gaevsky Date: Fri, 5 Feb 2016 21:03:06 +0200 Subject: [PATCH] Fixed #24987 -- Allowed inactive users to login with the test client. --- django/test/client.py | 3 +-- docs/releases/1.10.txt | 4 ++++ docs/topics/testing/tools.txt | 13 ++++++------- tests/test_client/tests.py | 10 +++++++--- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/django/test/client.py b/django/test/client.py index 61c2136b09..42b325bd14 100644 --- a/django/test/client.py +++ b/django/test/client.py @@ -599,8 +599,7 @@ class Client(RequestFactory): """ from django.contrib.auth import authenticate user = authenticate(**credentials) - if (user and user.is_active and - apps.is_installed('django.contrib.sessions')): + if user and apps.is_installed('django.contrib.sessions'): self._login(user) return True else: diff --git a/docs/releases/1.10.txt b/docs/releases/1.10.txt index d6be8e2f09..ebce5b06e5 100644 --- a/docs/releases/1.10.txt +++ b/docs/releases/1.10.txt @@ -678,6 +678,10 @@ Miscellaneous :class:`~django.contrib.auth.backends.AllowAllUsersRemoteUserBackend` in :setting:`AUTHENTICATION_BACKENDS` instead. +* In light of the previous change, the test client's + :meth:`~django.test.Client.login()` method no longer always rejects inactive + users but instead delegates this decision to the authentication backend. + .. _deprecated-features-1.10: Features deprecated in 1.10 diff --git a/docs/topics/testing/tools.txt b/docs/topics/testing/tools.txt index 8cd847f066..bc0cf98199 100644 --- a/docs/topics/testing/tools.txt +++ b/docs/topics/testing/tools.txt @@ -334,13 +334,6 @@ Use the ``django.test.Client`` class to make requests. ``login()`` method to simulate the effect of a user logging into the site. - Inactive users (:attr:`is_active=False - `) are not permitted to - login as this method is meant to be equivalent to the - :func:`~django.contrib.auth.login` view which uses - :class:`~django.contrib.auth.forms.AuthenticationForm` and therefore - defaults to rejecting users who are inactive. - After you call this method, the test client will have all the cookies and session data required to pass any login-based tests that may form part of a view. @@ -378,6 +371,12 @@ Use the ``django.test.Client`` class to make requests. :meth:`~django.contrib.auth.models.UserManager.create_user` helper method to create a new user with a correctly hashed password. + .. versionchanged:: 1.10 + + In previous versions, inactive users (:attr:`is_active=False + `) were not permitted + to login. + .. method:: Client.force_login(user, backend=None) .. versionadded:: 1.9 diff --git a/tests/test_client/tests.py b/tests/test_client/tests.py index 2ffc1d6896..6a6b5d31a2 100644 --- a/tests/test_client/tests.py +++ b/tests/test_client/tests.py @@ -432,10 +432,14 @@ class ClientTest(TestCase): self.assertFalse(login) def test_view_with_inactive_login(self): - "Request a page that is protected with @login, but use an inactive login" + """ + An inactive user may login if the authenticate backend allows it. + """ + credentials = {'username': 'inactive', 'password': 'password'} + self.assertFalse(self.client.login(**credentials)) - login = self.client.login(username='inactive', password='password') - self.assertFalse(login) + with self.settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend']): + self.assertTrue(self.client.login(**credentials)) @override_settings( AUTHENTICATION_BACKENDS=[