Opened 13 years ago

Closed 11 years ago

#15366 closed New feature (duplicate)

AuthenticationForm should optionally permit inactive user login

Reported by: krejcik@… Owned by: hjeffrey
Component: contrib.auth Version: 1.3-beta
Severity: Normal Keywords: inactive
Cc: hjeffrey Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

ModelBackend now allows login with inactive user (it has supports_inactive_user property).
But AuthenticationForm never allows login of such user.
I guess it should be configurable because it is designed as base form for all authetication forms.

Attachments (2)

15366.diff (1.4 KB ) - added by hjeffrey 13 years ago.
15366-alternative.diff (973 bytes ) - added by Aymeric Augustin 12 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 by Russell Keith-Magee, 13 years ago

milestone: 1.3
Triage Stage: UnreviewedAccepted

comment:2 by hjeffrey, 13 years ago

Cc: hjeffrey added
Owner: changed from nobody to hjeffrey
Status: newassigned

by hjeffrey, 13 years ago

Attachment: 15366.diff added

comment:3 by hjeffrey, 13 years ago

Has patch: set

comment:4 by hjeffrey, 13 years ago

Triage Stage: AcceptedDesign decision needed

I don't know it this is the best way of handling the problem, but it seemed the simplest and most straight forward solution that would work generically.

There is possibly the issue that could arise were there are several backends for which the user has inactive accounts, some of which allow inactive users to log in while others do not. In this scenario the user would be rejected if the first backend that had credentials for him didn't allow inactive users to log in ever if others in the list did or even if he had an active account further down the list of backends.

Is inactive user login going to be a project wide setting for all backends or be handled on a backend by backend basis? If it's project wide the approach should work alright, but it still ignores active accounts further down in the list. If it's backend by backend what would be the appropriate authentication handling under the scenario presented?

Last edited 13 years ago by hjeffrey (previous) (diff)

comment:5 by Łukasz Rekucki, 13 years ago

Severity: Normal
Type: New feature

comment:6 by Harro, 13 years ago

#12103 is also about inactive users login

comment:7 by Aymeric Augustin, 12 years ago

Easy pickings: unset
Needs documentation: set
Needs tests: set
Patch needs improvement: set
Triage Stage: Design decision neededAccepted
UI/UX: unset

We must consider:

Currently, the best solution is to subclass AuthenticationForm and override clean entirely. I'm attaching a patch that makes it easier to support inactive users in a subclass. This would need a little bit more investigation (where is AuthenticationForm used? what do the docs say?), possibly a more complete patch, then tests and docs.

by Aymeric Augustin, 12 years ago

Attachment: 15366-alternative.diff added

comment:8 by Claude Paroz, 11 years ago

Resolution: duplicate
Status: assignedclosed

For me, #12103 is actually a duplicate with a much more elaborate patch (including tests and docs).

Note: See TracTickets for help on using tickets.
Back to Top