diff options
| author | Tim Graham <timograham@gmail.com> | 2013-07-30 08:24:13 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2013-07-31 13:54:05 -0400 |
| commit | a1889397a9f0e6a35189de455098b4c70923e561 (patch) | |
| tree | 64de1b37a3827109199391e8b5bc474f6390d9c1 /docs | |
| parent | 1c3c21b38d154eff0286c194711dced2ac39dd3d (diff) | |
Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
Thanks ejucovy and lasko for work on the patch.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.7.txt | 4 | ||||
| -rw-r--r-- | docs/topics/auth/default.txt | 34 |
2 files changed, 38 insertions, 0 deletions
diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt index 0951cd3058..b75fd89f4c 100644 --- a/docs/releases/1.7.txt +++ b/docs/releases/1.7.txt @@ -101,6 +101,10 @@ Minor features :class:`~django.middleware.http.ConditionalGetMiddleware` to handle conditional ``GET`` requests for sitemaps which set ``lastmod``. +* You can override the new :meth:`AuthenticationForm.confirm_login_allowed() + <django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed>` method + to more easily customize the login policy. + Backwards incompatible changes in 1.7 ===================================== diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index b7f679bf28..25fe262b56 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -959,6 +959,40 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`: Takes ``request`` as its first positional argument, which is stored on the form instance for use by sub-classes. + .. method:: confirm_login_allowed(user) + + .. versionadded:: 1.7 + + By default, ``AuthenticationForm`` rejects users whose ``is_active`` flag + is set to ``False``. You may override this behavior with a custom policy to + determine which users can log in. Do this with a custom form that subclasses + ``AuthenticationForm`` and overrides the ``confirm_login_allowed`` method. + This method should raise a :exc:`~django.core.exceptions.ValidationError` + if the given user may not log in. + + For example, to allow all users to log in, regardless of "active" status:: + + from django.contrib.auth.forms import AuthenticationForm + + class AuthenticationFormWithInactiveUsersOkay(AuthenticationForm): + def confirm_login_allowed(self, user): + pass + + Or to allow only some active users to log in:: + + class PickyAuthenticationForm(AuthenticationForm): + def confirm_login_allowed(self, user): + if not user.is_active: + raise forms.ValidationError( + _("This account is inactive."), + code='inactive', + ) + if user.username.startswith('b'): + raise forms.ValidationError( + _("Sorry, accounts starting with 'b' aren't welcome here."), + code='no_b_users', + ) + .. class:: PasswordChangeForm A form for allowing a user to change their password. |
