summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorshanghui <shangdahao@gmail.com>2017-11-08 16:32:49 +0800
committerTim Graham <timograham@gmail.com>2017-11-08 09:52:27 -0500
commit308f64462421b09b21ef0dcd9cc3654cc25bceba (patch)
tree65cbf0aacf7a2598ec9e5a31117f8bac10ce2fa6
parentd9b457d906a55a7473f5727fe24cd4b0141f8b5f (diff)
[1.11.x] Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86. Thanks Guilherme Junqueira for the report and Tim Graham for the review. Backport of 359370a8b8ca0efe99b1d4630b291ec060b69225 from master
-rw-r--r--django/contrib/auth/forms.py9
-rw-r--r--docs/releases/1.11.8.txt3
-rw-r--r--tests/auth_tests/test_forms.py5
3 files changed, 13 insertions, 4 deletions
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 02250d83da..abfd96aeec 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -186,6 +186,15 @@ class AuthenticationForm(forms.Form):
if username is not None and password:
self.user_cache = authenticate(self.request, username=username, password=password)
if self.user_cache is None:
+ # An authentication backend may reject inactive users. Check
+ # if the user exists and is inactive, and raise the 'inactive'
+ # error if so.
+ try:
+ self.user_cache = UserModel._default_manager.get_by_natural_key(username)
+ except UserModel.DoesNotExist:
+ pass
+ else:
+ self.confirm_login_allowed(self.user_cache)
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
diff --git a/docs/releases/1.11.8.txt b/docs/releases/1.11.8.txt
index dd9d19ae19..dd9fb0c3ce 100644
--- a/docs/releases/1.11.8.txt
+++ b/docs/releases/1.11.8.txt
@@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
Bugfixes
========
-* ...
+* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
+ raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 4bfc3d11e7..b82bbc58f4 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -249,9 +249,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
)
-# To verify that the login form rejects inactive users, use an authentication
-# backend that allows them.
-@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
class AuthenticationFormTest(TestDataMixin, TestCase):
def test_invalid_username(self):
@@ -310,6 +307,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
self.assertFalse(form.is_valid())
self.assertEqual(form.non_field_errors(), [force_text(form.error_messages['inactive'])])
+ # Use an authentication backend that allows inactive users.
+ @override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
def test_custom_login_allowed_policy(self):
# The user is inactive, but our custom form policy allows them to log in.
data = {