Ticket #25232: 25232.diff

django/contrib/auth/backends.py

@@ -15 +15 @@
             username = kwargs.get(UserModel.USERNAME_FIELD)
         try:
             user = UserModel._default_manager.get_by_natural_key(username)
-            if user.check_password(password):
+            if user.check_password(password) and user.is_active:
                 return user
         except UserModel.DoesNotExist:
             # Run the default password hasher once to reduce the timing
@@ -90 +90 @@
     def get_user(self, user_id):
         UserModel = get_user_model()
         try:
-            return UserModel._default_manager.get(pk=user_id)
+            user = UserModel._default_manager.get(pk=user_id)
         except UserModel.DoesNotExist:
             return None
+        return user if user.is_active else None
 
 
 class RemoteUserBackend(ModelBackend):

django/test/client.py

@@ -594 +594 @@
         """
         from django.contrib.auth import authenticate
         user = authenticate(**credentials)
-        if (user and user.is_active and
-                apps.is_installed('django.contrib.sessions')):
+        if user and apps.is_installed('django.contrib.sessions'):
             self._login(user)
             return True
         else:

tests/test_client/tests.py

@@ -461 +461 @@
         self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/')
 
         # Log in
-        self.client.force_login(self.u2)
-
-        # Request a page that requires a login
-        response = self.client.get('/login_protected_view/')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.context['user'].username, 'inactive')
+        self.assertFalse(self.client.force_login(self.u2))
 
     def test_logout(self):
         "Request a logout after logging in"