=== modified file 'docs/topics/auth.txt'
|
|
|
|
| 99 | 99 | Boolean. Designates whether this user account should be considered |
| 100 | 100 | active. Set this flag to ``False`` instead of deleting accounts. |
| 101 | 101 | |
| 102 | | This doesn't control whether or not the user can log in. Nothing in the |
| 103 | | authentication path checks the ``is_active`` flag, so if you want to |
| 104 | | reject a login based on ``is_active`` being ``False``, it is up to you |
| 105 | | to check that in your own login view. However, permission checking |
| 106 | | using the methods like :meth:`~models.User.has_perm` does check this |
| 107 | | flag and will always return ``False`` for inactive users. |
| | 102 | This doesn't control whether or not the user can log in. Authentication |
| | 103 | backends are not required to check for ``is_active`` flag, so if you |
| | 104 | want to reject a login based on ``is_active`` being ``False``, it is up |
| | 105 | to you to check that in your own login view. However the |
| | 106 | :class:`~django.contrib.auth.forms.AuthenticationForm` used by the |
| | 107 | :func:`~django.contrib.auth.views.login` view *does* perform this |
| | 108 | check and therefore rejects inactive users from logging in. Permission |
| | 109 | checking using the methods like :meth:`~models.User.has_perm` and |
| | 110 | authentication in admin application also check this flag and will |
| | 111 | always reject inactive users. |
| 108 | 112 | |
| 109 | 113 | .. attribute:: models.User.is_superuser |
| 110 | 114 | |
| … |
… |
|
| 994 | 998 | |
| 995 | 999 | A form for logging a user in. |
| 996 | 1000 | |
| | 1001 | The ``AuthenticationForm`` rejects users whose |
| | 1002 | :attr:`~django.contrib.auth.models.User.is_active` flag is set to ``False``. |
| | 1003 | |
| 997 | 1004 | .. class:: PasswordChangeForm |
| 998 | 1005 | |
| 999 | 1006 | A form for allowing a user to change their password. |