author an0o0nym <an0o0nyme@gmail.com> 2016-08-10 19:13:35 +0200
committer Tim Graham <timograham@gmail.com> 2016-08-10 19:52:49 -0400
commit c52350bc6c0ce4e146db696d3a9772b6b9dc554f
tree 7d40ac44b4e9794614ebe8f891663195483b6efb /docs
parent 7eefb397063daa248e4b6d45812ecf6d4497089a
[1.10.x] Fixed #26957 -- Corrected authenticate() docs regarding User.is_active.
Backport of c412aaca735c7cc1c766b85c1512f9ff434ce63a from master
Diffstat (limited to 'docs')
-rw-r--r-- docs/topics/auth/default.txt 43
1 files changed, 21 insertions, 22 deletions
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index a3ce6f73fd..d0eeabe36a 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -117,25 +117,21 @@ Authenticating users
.. function:: authenticate(\**credentials)
- To authenticate a given username and password, use
- :func:`~django.contrib.auth.authenticate()`. It takes credentials in the
- form of keyword arguments, for the default configuration this is
- ``username`` and ``password``, and it returns
- a :class:`~django.contrib.auth.models.User` object if the password is valid
- for the given username. If the password is invalid,
- :func:`~django.contrib.auth.authenticate()` returns ``None``. Example::
+ Use :func:`~django.contrib.auth.authenticate()` to verify a set of
+ credentials. It takes credentials as keyword arguments, ``username`` and
+ ``password`` for the default case, checks them against each
+ :ref:`authentication backend <authentication-backends>`, and returns a
+ :class:`~django.contrib.auth.models.User` object if the credentials are
+ valid for a backend. If the credentials aren't valid for any backend or if
+ a backend raises :class:`~django.core.exceptions.PermissionDenied`, it
+ returns ``None``. For example::
from django.contrib.auth import authenticate
user = authenticate(username='john', password='secret')
if user is not None:
- # the password verified for the user
- if user.is_active:
- print("User is valid, active and authenticated")
- else:
- print("The password is valid, but the account has been disabled!")
+ # A backend authenticated the credentials
else:
- # the authentication system was unable to verify the username and password
- print("The username and password were incorrect.")
+ # No backend authenticated the credentials
.. note::
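Review bot: The rewritten example leaves both the `if user is not None:` and `else:` branches holding only a comment, which is not valid Python because each block needs at least one statement. Add a placeholder such as `...` under each comment, as the login view example later in this file does. The new paragraph also no longer says what happens to inactive users now that the `user.is_active` branch is gone; one sentence stating that the default backends reject them, so they fall under the "returns ``None``" case, would cover that here instead of only in the later notes.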
@@ -348,12 +344,9 @@ If you have an authenticated user you want to attach to the current session
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
- if user.is_active:
- login(request, user)
- # Redirect to a success page.
- else:
- # Return a 'disabled account' error message
- ...
+ login(request, user)
+ # Redirect to a success page.
+ ...
else:
# Return an 'invalid login' error message.
...
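Review bot: With the `if user.is_active:` branch removed, `login(request, user)` runs for any user a backend returns, so the backend is now the only place a disabled account is stopped. That holds for the default backends, but a project using a backend that allows inactive users (this patch names `AllowAllUsersModelBackend` further down) would log them in with this view. Suggest a short comment next to the example saying the view relies on the backend rejecting inactive users, and that the `else` branch now also covers disabled accounts.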
@@ -513,7 +506,8 @@ The ``login_required`` decorator
.. note::
The ``login_required`` decorator does NOT check the ``is_active`` flag on a
- user.
+ user, but the default :setting:`AUTHENTICATION_BACKENDS` reject inactive
+ users.
.. seealso::
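Review bot: The added clause "the default :setting:`AUTHENTICATION_BACKENDS` reject inactive users" covers only the default setting and leaves the reader with a customised setting without guidance. Since the decorator itself still does not check ``is_active``, consider adding that projects with a non-default backend need to confirm their backend rejects inactive users or enforce the check themselves.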
@@ -555,7 +549,8 @@ inheritance list.
.. note::
Just as the ``login_required`` decorator, this mixin does NOT check the
- ``is_active`` flag on a user.
+ ``is_active`` flag on a user, but the default
+ :setting:`AUTHENTICATION_BACKENDS` reject inactive users.
.. currentmodule:: django.contrib.auth.decorators
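Review bot: Duplicated wording: the clause added to this mixin note is the same sentence added to the ``login_required`` note in the previous hunk, so the two can drift apart on later edits. Consider pointing this note at the decorator's note, or at one shared explanation of how backends treat inactive users, rather than repeating the sentence.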
@@ -1533,6 +1528,10 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
def confirm_login_allowed(self, user):
pass
+ (In this case, you'll also need to use an authentication backend that
+ allows inactive users, such as as
+ :class:`~django.contrib.auth.backends.AllowAllUsersModelBackend`.)
+
Or to allow only some active users to log in::
class PickyAuthenticationForm(AuthenticationForm):
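Review bot: Typo in the added parenthetical: "such as as" repeats a word and should read "such as". Since this is the only place the patch names a backend that allows inactive users, a cross-reference from here to the authentication backends documentation would also help the reader see what else changes when that backend is enabled.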