mirror of
https://github.com/django/django.git
synced 2024-12-31 21:46:05 +00:00
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression in e0a3d93730
.
Thanks Guilherme Junqueira for the report and Tim Graham for the review.
This commit is contained in:
parent
3ae9c356c5
commit
359370a8b8
@ -192,6 +192,15 @@ class AuthenticationForm(forms.Form):
|
|||||||
if username is not None and password:
|
if username is not None and password:
|
||||||
self.user_cache = authenticate(self.request, username=username, password=password)
|
self.user_cache = authenticate(self.request, username=username, password=password)
|
||||||
if self.user_cache is None:
|
if self.user_cache is None:
|
||||||
|
# An authentication backend may reject inactive users. Check
|
||||||
|
# if the user exists and is inactive, and raise the 'inactive'
|
||||||
|
# error if so.
|
||||||
|
try:
|
||||||
|
self.user_cache = UserModel._default_manager.get_by_natural_key(username)
|
||||||
|
except UserModel.DoesNotExist:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
self.confirm_login_allowed(self.user_cache)
|
||||||
raise self.get_invalid_login_error()
|
raise self.get_invalid_login_error()
|
||||||
else:
|
else:
|
||||||
self.confirm_login_allowed(self.user_cache)
|
self.confirm_login_allowed(self.user_cache)
|
||||||
|
@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
|
|||||||
Bugfixes
|
Bugfixes
|
||||||
========
|
========
|
||||||
|
|
||||||
* ...
|
* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
|
||||||
|
raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).
|
||||||
|
@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
# To verify that the login form rejects inactive users, use an authentication
|
|
||||||
# backend that allows them.
|
|
||||||
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
|
|
||||||
class AuthenticationFormTest(TestDataMixin, TestCase):
|
class AuthenticationFormTest(TestDataMixin, TestCase):
|
||||||
|
|
||||||
def test_invalid_username(self):
|
def test_invalid_username(self):
|
||||||
@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
|
|||||||
self.assertFalse(form.is_valid())
|
self.assertFalse(form.is_valid())
|
||||||
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
|
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
|
||||||
|
|
||||||
|
# Use an authentication backend that allows inactive users.
|
||||||
|
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
|
||||||
def test_custom_login_allowed_policy(self):
|
def test_custom_login_allowed_policy(self):
|
||||||
# The user is inactive, but our custom form policy allows them to log in.
|
# The user is inactive, but our custom form policy allows them to log in.
|
||||||
data = {
|
data = {
|
||||||
|
Loading…
Reference in New Issue
Block a user