[2.0.x] Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.

Regression in e0a3d93730.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.

Backport of 359370a8b8 from master
shanghui 2017-11-08 16:32:49 +08:00 committed by Tim Graham
parent a977ae9139
commit 36dd0126a5
3 changed files with 13 additions and 4 deletions


@ -194,6 +194,15 @@ class AuthenticationForm(forms.Form):
if username is not None and password: if username is not None and password:
self.user_cache = authenticate(self.request, username=username, password=password) self.user_cache = authenticate(self.request, username=username, password=password)
if self.user_cache is None: if self.user_cache is None:
# An authentication backend may reject inactive users. Check
# if the user exists and is inactive, and raise the 'inactive'
# error if so.
try:
self.user_cache = UserModel._default_manager.get_by_natural_key(username)
except UserModel.DoesNotExist:
pass
else:
self.confirm_login_allowed(self.user_cache)
raise forms.ValidationError( raise forms.ValidationError(
self.error_messages['invalid_login'], self.error_messages['invalid_login'],
code='invalid_login', code='invalid_login',
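Review bot: The fallback lookup added under `if self.user_cache is None:` runs only after authenticate() has failed, so `confirm_login_allowed()` raises the 'inactive' error for any existing inactive username whatever password was submitted; the form then answers differently for deactivated accounts than for unknown or active ones, which tells an unauthenticated client which usernames are deactivated. The same lines assign the looked-up user to `self.user_cache`, so for an active account with a wrong password the form raises `invalid_login` while still holding a user object that was never authenticated (presumably what `get_user()` returns; that method is outside the hunk). Keep the lookup in a local and gate the inactive message on the password, e.g. `user = UserModel._default_manager.get_by_natural_key(username)` followed by `if user.check_password(password): self.confirm_login_allowed(user)`. The enclosing clean() method starts and ends outside the hunk.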


@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
Bugfixes Bugfixes
======== ========
* ... * Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).


@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
) )
# To verify that the login form rejects inactive users, use an authentication
# backend that allows them.
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
class AuthenticationFormTest(TestDataMixin, TestCase): class AuthenticationFormTest(TestDataMixin, TestCase):
def test_invalid_username(self): def test_invalid_username(self):
@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
self.assertFalse(form.is_valid()) self.assertFalse(form.is_valid())
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])]) self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
# Use an authentication backend that allows inactive users.
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
def test_custom_login_allowed_policy(self): def test_custom_login_allowed_policy(self):
# The user is inactive, but our custom form policy allows them to log in. # The user is inactive, but our custom form policy allows them to log in.
data = { data = {