Opened 5 years ago

Closed 5 years ago

#22192 closed Bug (invalid)

PasswordResetForm fails on custom user models without an is_active DB field

Reported by: Fraser Nevett Owned by: nobody
Component: contrib.auth Version: 1.6
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The change made for ticket #21291 results in the standard PasswordResetForm breaking if the custom user model being used doesn't have is_active defined as a database field. It raises:

Cannot resolve keyword 'is_active' into field.

As far as I can tell from the docs and code, Django requires is_active to be present on the custom user model as an attribute, not an actual database field.

In my case, I have is_active defined as a property on the model that is calculated from other information.

The filtering of active users should therefore be done in Python rather than at the database-level. Instead of:

active_users = UserModel._default_manager.filter(
    email__iexact=email, is_active=True)
for user in active_users:

It should be something like:

users = UserModel._default_manager.filter(email__iexact=email)
active_users = filter(lambda u: u.is_active, users)
for user in active_users:

Change History (1)

comment:1 Changed 5 years ago by Baptiste Mispelon

Resolution: invalid
Status: newclosed


The documentation on custom user models and builtin auth forms [1] says:

Assumes that the user model has [...] a boolean field named is_active to prevent password resets for inactive users.

So I'd argue that things are working as intended.

There may be a case for making the form a bit more flexible when it comes to custom user models (in fact, there's already some tickets regarding this issue with other builtin auth forms I believe) so if you have some ideas on how to improve things, feel free to open a new ticket describing your proposal.



Note: See TracTickets for help on using tickets.
Back to Top