Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error…

Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. Regression in e0a3d937. Thanks Guilherme Junqueira for the report and Tim Graham for the review.

Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error…
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. Regression in e0a3d937. Thanks Guilherme Junqueira for the report and Tim Graham for the review.
359370a8 · shanghui · Tim Graham · 3ae9c356 · 359370a8 · 359370a8
Kaydet (Commit) 359370a8 authored Kas 08, 2017 tarafından shanghui Kaydeden (comit) Tim Graham Kas 08, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 4 deletions

forms.py django/contrib/auth/forms.py +9 -0

1.11.8.txt docs/releases/1.11.8.txt +2 -1

test_forms.py tests/auth_tests/test_forms.py +2 -3

No files found.
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -192,6 +192,15 @@ class AuthenticationForm(forms.Form):
        if username is not None and password:
            self.user_cache = authenticate(self.request, username=username, password=password)
            if self.user_cache is None:
+                # An authentication backend may reject inactive users. Check
+                # if the user exists and is inactive, and raise the 'inactive'
+                # error if so.
+                try:
+                    self.user_cache = UserModel._default_manager.get_by_natural_key(username)
+                except UserModel.DoesNotExist:
+                    pass
+                else:
+                    self.confirm_login_allowed(self.user_cache)
                raise self.get_invalid_login_error()
            else:
                self.confirm_login_allowed(self.user_cache)

--- a/docs/releases/1.11.8.txt
+++ b/docs/releases/1.11.8.txt
@@ -9,4 +9,5 @@ Django 1.11.8 fixes several bugs in 1.11.7.
 Bugfixes
 ========
-* ...
+* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
+  raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -262,9 +262,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
        )
-# To verify that the login form rejects inactive users, use an authentication
-# backend that allows them.
-@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
 class AuthenticationFormTest(TestDataMixin, TestCase):
    def test_invalid_username(self):
@@ -323,6 +320,8 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
            self.assertFalse(form.is_valid())
            self.assertEqual(form.non_field_errors(), [str(form.error_messages['inactive'])])
+    # Use an authentication backend that allows inactive users.
+    @override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
    def test_custom_login_allowed_policy(self):
        # The user is inactive, but our custom form policy allows them to log in.
        data = {