[2.0.x] Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression ine0a3d93730
. Thanks Guilherme Junqueira for the report and Tim Graham for the review. Backport of359370a8b8
from master
This commit is contained in:
parent
a977ae9139
commit
36dd0126a5
|
@ -194,6 +194,15 @@ class AuthenticationForm(forms.Form):
|
||||||
if username is not None and password:
|
if username is not None and password:
|
||||||
self.user_cache = authenticate(self.request, username=username, password=password)
|
self.user_cache = authenticate(self.request, username=username, password=password)
|
||||||
if self.user_cache is None:
|
if self.user_cache is None:
|
||||||
|
# An authentication backend may reject inactive users. Check
|
||||||
|
# if the user exists and is inactive, and raise the 'inactive'
|
||||||
|
# error if so.
|
||||||
|
try:
|
||||||
|
self.user_cache = UserModel._default_manager.get_by_natural_key(username)
|
||||||
|
except UserModel.DoesNotExist:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
self.confirm_login_allowed(self.user_cache)
|
||||||
raise forms.ValidationError(
|
raise forms.ValidationError(
|
||||||
self.error_messages['invalid_login'],
|
self.error_messages['invalid_login'],
|
||||||
code='invalid_login',
|
code='invalid_login',
|
||||||
|
|
|
@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
|
||||||
Bugfixes
|
Bugfixes
|
||||||
========
|
========
|
||||||
|
|
||||||
* ...
|
* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
|
||||||
|
raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).
|
||||||
|
|
|
@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
# To verify that the login form rejects inactive users, use an authentication
|
|
||||||
# backend that allows them.
|
|
||||||
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
|
|
||||||
class AuthenticationFormTest(TestDataMixin, TestCase):
|
class AuthenticationFormTest(TestDataMixin, TestCase):
|
||||||
|
|
||||||
def test_invalid_username(self):
|
def test_invalid_username(self):
|
||||||
|
@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
|
||||||
self.assertFalse(form.is_valid())
|
self.assertFalse(form.is_valid())
|
||||||
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
|
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
|
||||||
|
|
||||||
|
# Use an authentication backend that allows inactive users.
|
||||||
|
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
|
||||||
def test_custom_login_allowed_policy(self):
|
def test_custom_login_allowed_policy(self):
|
||||||
# The user is inactive, but our custom form policy allows them to log in.
|
# The user is inactive, but our custom form policy allows them to log in.
|
||||||
data = {
|
data = {
|
||||||
|
|
Loading…
Reference in New Issue