1 files changed, 51 insertions, 6 deletions

diff --git a/tests/auth_tests/test_auth_backends.py b/tests/auth_tests/test_auth_backends.py
index fee1a66bd4..e3c0109c96 100644
--- a/tests/auth_tests/test_auth_backends.py
+++ b/tests/auth_tests/test_auth_backends.py
@@ -15,7 +15,10 @@ from django.test import (
     SimpleTestCase, TestCase, modify_settings, override_settings,
 )
 
-from .models import CustomPermissionsUser, CustomUser, ExtensionUser, UUIDUser
+from .models import (
+    CustomPermissionsUser, CustomUser, CustomUserWithoutIsActiveField,
+    ExtensionUser, UUIDUser,
+)
 
 
 class CountingMD5PasswordHasher(MD5PasswordHasher):
@@ -200,19 +203,35 @@ class ModelBackendTest(BaseModelBackendTest, TestCase):
     Tests for the ModelBackend using the default User model.
     """
     UserModel = User
+    user_credentials = {'username': 'test', 'password': 'test'}
 
     def create_users(self):
-        self.user = User.objects.create_user(
-            username='test',
-            email='test@example.com',
-            password='test',
-        )
+        self.user = User.objects.create_user(email='test@example.com', **self.user_credentials)
         self.superuser = User.objects.create_superuser(
             username='test2',
             email='test2@example.com',
             password='test',
         )
 
+    def test_authenticate_inactive(self):
+        """
+        An inactive user can't authenticate.
+        """
+        self.assertEqual(authenticate(**self.user_credentials), self.user)
+        self.user.is_active = False
+        self.user.save()
+        self.assertIsNone(authenticate(**self.user_credentials))
+
+    @override_settings(AUTH_USER_MODEL='auth_tests.CustomUserWithoutIsActiveField')
+    def test_authenticate_user_without_is_active_field(self):
+        """
+        A custom user without an `is_active` field is allowed to authenticate.
+        """
+        user = CustomUserWithoutIsActiveField.objects._create_user(
+            username='test', email='test@example.com', password='test',
+        )
+        self.assertEqual(authenticate(username='test', password='test'), user)
+
 
 @override_settings(AUTH_USER_MODEL='auth_tests.ExtensionUser')
 class ExtensionUserModelBackendTest(BaseModelBackendTest, TestCase):
@@ -676,3 +695,29 @@ class SelectingBackendTests(TestCase):
         user = User.objects.create_user(self.username, 'email', self.password)
         self.client._login(user, self.other_backend)
         self.assertBackendInSession(self.other_backend)
+
+
+@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
+class AllowAllUsersModelBackendTest(TestCase):
+    """
+    Inactive users may authenticate with the AllowAllUsersModelBackend.
+    """
+    user_credentials = {'username': 'test', 'password': 'test'}
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = User.objects.create_user(
+            email='test@example.com', is_active=False,
+            **cls.user_credentials
+        )
+
+    def test_authenticate(self):
+        self.assertFalse(self.user.is_active)
+        self.assertEqual(authenticate(**self.user_credentials), self.user)
+
+    def test_get_user(self):
+        self.client.force_login(self.user)
+        request = HttpRequest()
+        request.session = self.client.session
+        user = get_user(request)
+        self.assertEqual(user, self.user)