mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression in e0a3d93730
.
Thanks Guilherme Junqueira for the report and Tim Graham for the review.
This commit is contained in:
parent
3ae9c356c5
commit
359370a8b8
@ -192,6 +192,15 @@ class AuthenticationForm(forms.Form):
|
||||
if username is not None and password:
|
||||
self.user_cache = authenticate(self.request, username=username, password=password)
|
||||
if self.user_cache is None:
|
||||
# An authentication backend may reject inactive users. Check
|
||||
# if the user exists and is inactive, and raise the 'inactive'
|
||||
# error if so.
|
||||
try:
|
||||
self.user_cache = UserModel._default_manager.get_by_natural_key(username)
|
||||
except UserModel.DoesNotExist:
|
||||
pass
|
||||
else:
|
||||
self.confirm_login_allowed(self.user_cache)
|
||||
raise self.get_invalid_login_error()
|
||||
else:
|
||||
self.confirm_login_allowed(self.user_cache)
|
||||
|
@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
|
||||
Bugfixes
|
||||
========
|
||||
|
||||
* ...
|
||||
* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
|
||||
raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).
|
||||
|
@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
|
||||
)
|
||||
|
||||
|
||||
# To verify that the login form rejects inactive users, use an authentication
|
||||
# backend that allows them.
|
||||
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
|
||||
class AuthenticationFormTest(TestDataMixin, TestCase):
|
||||
|
||||
def test_invalid_username(self):
|
||||
@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
|
||||
self.assertFalse(form.is_valid())
|
||||
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
|
||||
|
||||
# Use an authentication backend that allows inactive users.
|
||||
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
|
||||
def test_custom_login_allowed_policy(self):
|
||||
# The user is inactive, but our custom form policy allows them to log in.
|
||||
data = {
|
||||
|
Loading…
Reference in New Issue
Block a user