mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #24987 -- Allowed inactive users to login with the test client.

Browse Source
This commit is contained in:
Alexander Gaevsky
2016-02-05 21:03:06 +02:00
committed by Tim Graham
parent e0a3d93730
commit 107165c4b0
4 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tests/test_client/tests.py
View File

@@ -432,10 +432,14 @@ class ClientTest(TestCase):
self.assertFalse(login)
def test_view_with_inactive_login(self):
"Request a page that is protected with @login, but use an inactive login"
"""
An inactive user may login if the authenticate backend allows it.
"""
credentials = {'username': 'inactive', 'password': 'password'}
self.assertFalse(self.client.login(**credentials))
login = self.client.login(username='inactive', password='password')
self.assertFalse(login)
with self.settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend']):
self.assertTrue(self.client.login(**credentials))
@override_settings(
AUTHENTICATION_BACKENDS=[