From 308f64462421b09b21ef0dcd9cc3654cc25bceba Mon Sep 17 00:00:00 2001 From: shanghui Date: Wed, 8 Nov 2017 16:32:49 +0800 Subject: [PATCH] [1.11.x] Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86. Thanks Guilherme Junqueira for the report and Tim Graham for the review. Backport of 359370a8b8ca0efe99b1d4630b291ec060b69225 from master --- django/contrib/auth/forms.py | 9 +++++++++ docs/releases/1.11.8.txt | 3 ++- tests/auth_tests/test_forms.py | 5 ++--- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py index 02250d83da..abfd96aeec 100644 --- a/django/contrib/auth/forms.py +++ b/django/contrib/auth/forms.py @@ -186,6 +186,15 @@ class AuthenticationForm(forms.Form): if username is not None and password: self.user_cache = authenticate(self.request, username=username, password=password) if self.user_cache is None: + # An authentication backend may reject inactive users. Check + # if the user exists and is inactive, and raise the 'inactive' + # error if so. + try: + self.user_cache = UserModel._default_manager.get_by_natural_key(username) + except UserModel.DoesNotExist: + pass + else: + self.confirm_login_allowed(self.user_cache) raise forms.ValidationError( self.error_messages['invalid_login'], code='invalid_login', diff --git a/docs/releases/1.11.8.txt b/docs/releases/1.11.8.txt index dd9d19ae19..dd9fb0c3ce 100644 --- a/docs/releases/1.11.8.txt +++ b/docs/releases/1.11.8.txt @@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7. Bugfixes ======== -* ... +* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to + raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`). diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py index 4bfc3d11e7..b82bbc58f4 100644 --- a/tests/auth_tests/test_forms.py +++ b/tests/auth_tests/test_forms.py @@ -249,9 +249,6 @@ class UserCreationFormTest(TestDataMixin, TestCase): ) -# To verify that the login form rejects inactive users, use an authentication -# backend that allows them. -@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend']) class AuthenticationFormTest(TestDataMixin, TestCase): def test_invalid_username(self): @@ -310,6 +307,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase): self.assertFalse(form.is_valid()) self.assertEqual(form.non_field_errors(), [force_text(form.error_messages['inactive'])]) + # Use an authentication backend that allows inactive users. + @override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend']) def test_custom_login_allowed_policy(self): # The user is inactive, but our custom form policy allows them to log in. data = {