1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.

Regression in e0a3d93730.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.
This commit is contained in:
shanghui 2017-11-08 16:32:49 +08:00 committed by Tim Graham
parent 3ae9c356c5
commit 359370a8b8
3 changed files with 13 additions and 4 deletions

View File

@ -192,6 +192,15 @@ class AuthenticationForm(forms.Form):
if username is not None and password:
self.user_cache = authenticate(self.request, username=username, password=password)
if self.user_cache is None:
# An authentication backend may reject inactive users. Check
# if the user exists and is inactive, and raise the 'inactive'
# error if so.
try:
self.user_cache = UserModel._default_manager.get_by_natural_key(username)
except UserModel.DoesNotExist:
pass
else:
self.confirm_login_allowed(self.user_cache)
raise self.get_invalid_login_error()
else:
self.confirm_login_allowed(self.user_cache)

View File

@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
Bugfixes
========
* ...
* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).

View File

@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
)
# To verify that the login form rejects inactive users, use an authentication
# backend that allows them.
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
class AuthenticationFormTest(TestDataMixin, TestCase):
def test_invalid_username(self):
@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
self.assertFalse(form.is_valid())
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
# Use an authentication backend that allows inactive users.
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
def test_custom_login_allowed_policy(self):
# The user is inactive, but our custom form policy allows them to log in.
data = {