Ticket #12113: 12113.3.diff

File 12113.3.diff, 1.8 KB (added by isagalaev, 5 years ago)

Another edit, without vague "authentication path"

  • docs/topics/auth.txt

    === modified file 'docs/topics/auth.txt'
     
    9999        Boolean. Designates whether this user account should be considered
    100100        active. Set this flag to ``False`` instead of deleting accounts.
    101101
    102         This doesn't control whether or not the user can log in. Nothing in the
    103         authentication path checks the ``is_active`` flag, so if you want to
    104         reject a login based on ``is_active`` being ``False``, it is up to you
    105         to check that in your own login view. However, permission checking
    106         using the methods like :meth:`~models.User.has_perm` does check this
    107         flag and will always return ``False`` for inactive users.
     102        This doesn't control whether or not the user can log in. Authentication
     103        backends are not required to check for ``is_active`` flag, so if you
     104        want to reject a login based on ``is_active`` being ``False``, it is up
     105        to you to check that in your own login view. However the
     106        :class:`~django.contrib.auth.forms.AuthenticationForm` used by the
     107        :func:`~django.contrib.auth.views.login` view *does* perform this
     108        check and therefore rejects inactive users from logging in. Permission
     109        checking using the methods like :meth:`~models.User.has_perm` and
     110        authentication in admin application also check this flag and will
     111        always reject inactive users.
    108112
    109113    .. attribute:: models.User.is_superuser
    110114
     
    994998
    995999    A form for logging a user in.
    9961000
     1001    The ``AuthenticationForm`` rejects users whose
     1002    :attr:`~django.contrib.auth.models.User.is_active` flag is set to ``False``.
     1003
    9971004.. class:: PasswordChangeForm
    9981005
    9991006    A form for allowing a user to change their password.
Back to Top