Opened 15 years ago
Closed 15 years ago
#12113 closed (fixed)
contrib.auth documentation is misleading re: whether User.is_active matters for login
Reported by: | Ethan Jucovy | Owned by: | nobody |
---|---|---|---|
Component: | Documentation | Version: | 1.1 |
Severity: | | Keywords: | |
Cc: | | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The documentation at source:/django//trunk/docs/topics/auth.txt says
    .. attribute:: models.User.is_active

        Boolean. Designates whether this user account should be considered
        active. Set this flag to ``False`` instead of deleting accounts.

        This doesn't control whether or not the user can log in. Nothing in
        the authentication path checks the ``is_active`` flag, so if you want
        to reject a login based on ``is_active`` being ``False``, it is up to
        you to check that in your own login view. However, permission checking
        using the methods like :meth:`~models.User.has_perm` does check this
        flag and will always return ``False`` for inactive users.

"This doesn't control whether or not the user can log in."
This is technically true, but misleading, because the default AuthenticationForm
in django.contrib.auth *does* reject inactive users. This behavior is undocumented.
Attachments (3)
Change History (7)
by , 15 years ago
Attachment: | document_inactive_user_behavior.diff added |
---|
comment:1 by , 15 years ago
Has patch: | set |
---|
comment:2 by , 15 years ago
Triage Stage: | Unreviewed → Ready for checkin |
---|
comment:3 by , 15 years ago
I would also ditch "Nothing in the authentication path checks the is_active" because "authentication path" is not a well-defined thing. I think what this line tries to say is that authentication *backends* might not check for is_active. And the user should check it manually.
comment:4 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
I took a stab at a documentation patch. I feel like this could be clearer, but I'm not sure how.
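
The behaviour discussed in the quoted documentation and in comment:3, as a framework-free sketch (an added example, not code from this ticket or from Django). `User`, `USERS`, `authenticate` and `login` are constructed stand-ins for the `django.contrib.auth` objects, with a backend that ignores `is_active` as the quoted text describes; the two view functions show a login with and without the manual check.

```python
import hmac
from dataclasses import dataclass


@dataclass
class User:  # constructed stand-in for models.User
    username: str
    password: str  # plain text only to keep the sample short
    is_active: bool = True


# Constructed sample accounts; "bob" was deactivated instead of deleted.
USERS = {u.username: u for u in (
    User("alice", "correct-horse"),
    User("bob", "hunter2-old", is_active=False),
)}


def authenticate(username, password):
    """Stand-in backend: verifies credentials only, never reads is_active."""
    user = USERS.get(username)
    if user is not None and hmac.compare_digest(user.password, password):
        return user
    return None


def login(session, user):
    """Simplified stand-in for login(): binds the user to the session."""
    session["user"] = user.username


def login_unchecked(session, username, password):
    """Trusts the backend alone, so an inactive account still gets a session."""
    user = authenticate(username, password)
    if user is None:
        return "invalid"
    login(session, user)
    return "ok"


def login_checked(session, username, password):
    """Checks is_active in the view before a session is established."""
    user = authenticate(username, password)
    if user is None:
        return "invalid"
    if not user.is_active:
        return "inactive"
    login(session, user)
    return "ok"
```
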