Context Navigation

← Previous Ticket
Next Ticket →

#12113 closed (fixed)

contrib.auth documentation is misleading re: whether User.is_active matters for login

Reported by:	Ethan Jucovy	Owned by:	nobody
Component:	Documentation	Version:	1.1
Severity:		Keywords:
Cc:		Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

The documentation at source:/django//trunk/docs/topics/auth.txt says

    .. attribute:: models.User.is_active

        Boolean. Designates whether this user account should be considered
	active. Set this flag to ``False`` instead of deleting accounts.

	This doesn't control whether or not the user can log in. Nothing in the
        authentication path checks the ``is_active`` flag, so if you want to
        reject a login based on ``is_active`` being ``False``, it is up to you
	to check that in your own login view. However, permission checking
        using the methods like :meth:`~models.User.has_perm` does check this
	flag and will always return ``False`` for inactive users.

"This doesn't control whether or not the user can log in."

This is technically true, but misleading, because the default AuthenticationForm in django.contrib.auth *does* reject inactive users. This behavior is undocumented.

Attachments (3)

document_inactive_user_behavior.diff (886 bytes ) - added by Ethan Jucovy 15 years ago.
12113.diff (1.4 KB ) - added by Tim Graham 15 years ago.: minor edits to existing patch
12113.3.diff (1.8 KB ) - added by Ivan Sagalaev 15 years ago.: Another edit, without vague "authentication path"

Download all attachments as: .zip

Change History (7)

by Ethan Jucovy, 15 years ago

Attachment:	document_inactive_user_behavior.diff added

comment:1 by Ethan Jucovy, 15 years ago

Has patch:	set

I took a stab at a documentation patch. I feel like this could be clearer, but I'm not sure how.

by Tim Graham, 15 years ago

Attachment:	12113.diff added

minor edits to existing patch

comment:2 by Tim Graham, 15 years ago

Triage Stage:	Unreviewed → Ready for checkin

comment:3 by Ivan Sagalaev, 15 years ago

I would also ditch "Nothing in the authentication path checks the is_active" because "authentication path" is not a well-defined thing. I think what this line tries to say is that authentication *backends* might not check for is_active. And the user should check it manually.

by Ivan Sagalaev, 15 years ago

Attachment:	12113.3.diff added

Another edit, without vague "authentication path"

comment:4 by Adrian Holovaty, 15 years ago

Resolution:	→ fixed
Status:	new → closed

(In [12193]) Fixed #12113 -- Clarified is_active documentation. Thanks, ejucovy and isagalaev

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues