Fixed #1991 -- Changed AuthenticationForm to disallow users with is_active=False from logging in. Thanks, dave@rightround.com and germish@gmail.com

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3058 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-02 04:42:10 +00:00 · 2006-06-02 04:42:10 +00:00 · 16a07fe95b
parent bd5b35069b
commit 16a07fe95b
1 changed files with 5 additions and 1 deletions
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@ -36,9 +36,13 @@ class AuthenticationForm(forms.Manipulator):
            raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")

    def isValidPasswordForUser(self, field_data, all_data):
-        if self.user_cache is not None and not self.user_cache.check_password(field_data):
+        if self.user_cache is None:
+            return
+        if not self.user_cache.check_password(field_data):
            self.user_cache = None
            raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")
+        elif not self.user_cache.is_active:
+            raise validators.ValidationError, _("This account is inactive.")

    def get_user_id(self):
        if self.user_cache: