summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-07-30 08:24:13 -0400
committerTim Graham <timograham@gmail.com>2013-07-31 13:54:05 -0400
commita1889397a9f0e6a35189de455098b4c70923e561 (patch)
tree64de1b37a3827109199391e8b5bc474f6390d9c1 /docs
parent1c3c21b38d154eff0286c194711dced2ac39dd3d (diff)
Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
Thanks ejucovy and lasko for work on the patch.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.7.txt4
-rw-r--r--docs/topics/auth/default.txt34
2 files changed, 38 insertions, 0 deletions
diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt
index 0951cd3058..b75fd89f4c 100644
--- a/docs/releases/1.7.txt
+++ b/docs/releases/1.7.txt
@@ -101,6 +101,10 @@ Minor features
:class:`~django.middleware.http.ConditionalGetMiddleware` to handle
conditional ``GET`` requests for sitemaps which set ``lastmod``.
+* You can override the new :meth:`AuthenticationForm.confirm_login_allowed()
+ <django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed>` method
+ to more easily customize the login policy.
+
Backwards incompatible changes in 1.7
=====================================
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index b7f679bf28..25fe262b56 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -959,6 +959,40 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
Takes ``request`` as its first positional argument, which is stored on the
form instance for use by sub-classes.
+ .. method:: confirm_login_allowed(user)
+
+ .. versionadded:: 1.7
+
+ By default, ``AuthenticationForm`` rejects users whose ``is_active`` flag
+ is set to ``False``. You may override this behavior with a custom policy to
+ determine which users can log in. Do this with a custom form that subclasses
+ ``AuthenticationForm`` and overrides the ``confirm_login_allowed`` method.
+ This method should raise a :exc:`~django.core.exceptions.ValidationError`
+ if the given user may not log in.
+
+ For example, to allow all users to log in, regardless of "active" status::
+
+ from django.contrib.auth.forms import AuthenticationForm
+
+ class AuthenticationFormWithInactiveUsersOkay(AuthenticationForm):
+ def confirm_login_allowed(self, user):
+ pass
+
+ Or to allow only some active users to log in::
+
+ class PickyAuthenticationForm(AuthenticationForm):
+ def confirm_login_allowed(self, user):
+ if not user.is_active:
+ raise forms.ValidationError(
+ _("This account is inactive."),
+ code='inactive',
+ )
+ if user.username.startswith('b'):
+ raise forms.ValidationError(
+ _("Sorry, accounts starting with 'b' aren't welcome here."),
+ code='no_b_users',
+ )
+
.. class:: PasswordChangeForm
A form for allowing a user to change their password.