summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorshanghui <shangdahao@gmail.com>2017-11-08 16:32:49 +0800
committerTim Graham <timograham@gmail.com>2017-11-08 09:39:12 -0500
commit359370a8b8ca0efe99b1d4630b291ec060b69225 (patch)
treedec84dbdd38f985a3a46e3d0c1e1f675e4f166cd
parent3ae9c356c5d4b89caf8343aa3ffe0a66e713c9fd (diff)
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86. Thanks Guilherme Junqueira for the report and Tim Graham for the review.
-rw-r--r--django/contrib/auth/forms.py9
-rw-r--r--docs/releases/1.11.8.txt3
-rw-r--r--tests/auth_tests/test_forms.py5
3 files changed, 13 insertions, 4 deletions
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 2c038e8111..18fca67439 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -192,6 +192,15 @@ class AuthenticationForm(forms.Form):
if username is not None and password:
self.user_cache = authenticate(self.request, username=username, password=password)
if self.user_cache is None:
+ # An authentication backend may reject inactive users. Check
+ # if the user exists and is inactive, and raise the 'inactive'
+ # error if so.
+ try:
+ self.user_cache = UserModel._default_manager.get_by_natural_key(username)
+ except UserModel.DoesNotExist:
+ pass
+ else:
+ self.confirm_login_allowed(self.user_cache)
raise self.get_invalid_login_error()
else:
self.confirm_login_allowed(self.user_cache)
diff --git a/docs/releases/1.11.8.txt b/docs/releases/1.11.8.txt
index dd9d19ae19..dd9fb0c3ce 100644
--- a/docs/releases/1.11.8.txt
+++ b/docs/releases/1.11.8.txt
@@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
Bugfixes
========
-* ...
+* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
+ raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 1832f81c1c..5d2074e33a 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
)
-# To verify that the login form rejects inactive users, use an authentication
-# backend that allows them.
-@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
class AuthenticationFormTest(TestDataMixin, TestCase):
def test_invalid_username(self):
@@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
self.assertFalse(form.is_valid())
self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
+ # Use an authentication backend that allows inactive users.
+ @override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
def test_custom_login_allowed_policy(self):
# The user is inactive, but our custom form policy allows them to log in.
data = {