Ticket #12103: 12103_with_better_working_tests.diff

File 12103_with_better_working_tests.diff, 4.9 KB (added by ejucovy, 4 years ago)
  • docs/topics/auth.txt

     
    10461046
    10471047    A form for logging a user in.
    10481048
     1049    The ``AuthenticationForm`` rejects users whose ``is_active`` flag is set to ``False``.
     1050    You may override this behavior with a custom policy to determine which users can log in.
     1051    Do this with a custom form that subclasses ``AuthenticationForm`` and overrides the
     1052    ``confirm_login_allowed(self, user)`` method.  This method will raise a ``forms.ValidationError``
     1053    if the given user may not log in.
     1054
     1055    For example, to allow all users to log in, regardless of activation status::
     1056
     1057    .. code-block:: python
     1058
     1059        class AuthenticationFormWithInactiveUsersOkay(AuthenticationForm):
     1060            def confirm_login_allowed(self, user):
     1061                pass
     1062
     1063    Or to allow only some active users to log in:
     1064
     1065    .. code-block:: python
     1066
     1067        class PickyAuthenticationForm(AuthenticationForm):
     1068            def confirm_login_allowed(self, user):
     1069                if not user.is_active:
     1070                    raise forms.ValidationError(_("This account is inactive."))
     1071                if user.username.startswith('b'):
     1072                    raise forms.ValidationError(_("Sorry, accounts starting with 'b' aren't welcome here."))
     1073
    10491074.. class:: PasswordChangeForm
    10501075
    10511076    A form for allowing a user to change their password.
  • django/contrib/auth/tests/forms.py

     
    102102                         [u'This account is inactive.'])
    103103
    104104
     105    def test_custom_login_allowed_policy(self):
     106        # The user is inactive, but our custom form policy allows him to log in.
     107        data = {
     108            'username': 'inactive',
     109            'password': 'password',
     110            }
     111
     112        class AuthenticationFormWithInactiveUsersOkay(AuthenticationForm):
     113            def confirm_login_allowed(self, user):
     114                pass
     115
     116        form = AuthenticationFormWithInactiveUsersOkay(None, data)
     117        self.assertTrue(form.is_valid())
     118
     119        # If we want to disallow some logins according to custom logic,
     120        # we should raise a django.forms.ValidationError in the form.
     121        from django.forms import ValidationError
     122        from django.utils.translation import ugettext_lazy as _
     123        class PickyAuthenticationForm(AuthenticationForm):
     124            def confirm_login_allowed(self, user):
     125                if user.username == "inactive":
     126                    raise ValidationError(_("This user is disallowed."))
     127                raise ValidationError(_("Sorry, nobody's allowed in."))
     128       
     129        form = PickyAuthenticationForm(None, data)
     130        self.assertFalse(form.is_valid())
     131        self.assertEqual(form.non_field_errors(),
     132                         [u'This user is disallowed.'])
     133       
     134        data = {
     135            'username': 'testclient',
     136            'password': 'password',
     137            }
     138        form = PickyAuthenticationForm(None, data)
     139        self.assertFalse(form.is_valid())
     140        self.assertEqual(form.non_field_errors(),
     141                         [u"Sorry, nobody's allowed in."])
     142       
    105143    def test_success(self):
    106144        # The success case
    107145        data = {
  • django/contrib/auth/forms.py

     
    8585            self.user_cache = authenticate(username=username, password=password)
    8686            if self.user_cache is None:
    8787                raise forms.ValidationError(_("Please enter a correct username and password. Note that both fields are case-sensitive."))
    88             elif not self.user_cache.is_active:
    89                 raise forms.ValidationError(_("This account is inactive."))
     88            else:
     89                self.confirm_login_allowed(self.user_cache)
    9090        self.check_for_test_cookie()
    9191        return self.cleaned_data
    9292
     
    9696                _("Your Web browser doesn't appear to have cookies enabled. "
    9797                  "Cookies are required for logging in."))
    9898
     99    def confirm_login_allowed(self, user):
     100        """
     101        Controls whether the given ``auth.User`` object may log in. This is a policy setting,
     102        independent of end-user authentication. This default behavior is to allow login by
     103        active users, and reject login by inactive users.
     104
     105        If the given user cannot log in, this method should raise a ``forms.ValidationError``.
     106
     107        If the given user may log in, this method should return None.
     108        """
     109        if not user.is_active:
     110            raise forms.ValidationError(_("This account is inactive."))
     111
    99112    def get_user_id(self):
    100113        if self.user_cache:
    101114            return self.user_cache.id
Back to Top