Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.

Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645). This is a security fix.
author: Tim Graham <timograham@gmail.com> 2018-01-23 13:20:18 -0500
committer: Tim Graham <timograham@gmail.com> 2018-02-01 09:05:14 -0500
commit: af33fb250e9847f1ca8c0ba0d72671d76659704f (patch)
tree: 3f4caed086cfd8433b7a0bcdd244343ba4e0da73 /tests/admin_views
parent: 552abffab16cbdff571486b683e7e7ef12e46066 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/tests/admin_views/test_forms.py b/tests/admin_views/test_forms.py
index 8c58fe7eae..d4eecf48aa 100644
--- a/tests/admin_views/test_forms.py
+++ b/tests/admin_views/test_forms.py
@@ -1,8 +1,11 @@
 from django.contrib.admin.forms import AdminAuthenticationForm
 from django.contrib.auth.models import User
-from django.test import TestCase
+from django.test import TestCase, override_settings
 
 
+# To verify that the login form rejects inactive users, use an authentication
+# backend that allows them.
+@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
 class AdminAuthenticationFormTests(TestCase):
     @classmethod
     def setUpTestData(cls):
author	Tim Graham <timograham@gmail.com>	2018-01-23 13:20:18 -0500
committer	Tim Graham <timograham@gmail.com>	2018-02-01 09:05:14 -0500
commit	af33fb250e9847f1ca8c0ba0d72671d76659704f (patch)
tree	3f4caed086cfd8433b7a0bcdd244343ba4e0da73 /tests/admin_views
parent	552abffab16cbdff571486b683e7e7ef12e46066 (diff)