Add active_login_required decorator

[Wim Feijen]

Hi,

Documentation recommends setting a user's is_active flag to False in stead of deleting a user:

​https://docs.djangoproject.com/en/1.10/ref/contrib/auth/#django.contrib.auth.models.User.is_active
"Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break."

However, the recommended login_required decorator does not check whether is_active is True or False, meaning inactive users may still access that view.

To maintain backwards compatibility, it was decided not to change the behaviour of login_required, see:
https://code.djangoproject.com/ticket/13125
"is_active is a hook for custom auth sources and custom auth logic; the built-in stuff doesn't check it. Yes it's a bit counter-intuitive, but changing it is going to break a number of expectations in users' code, so it's going to need to stay as is."

As a solution, I'd like to add an active_login_required decorator, which does check for is_active = True. That way we maintain backwards compatibility and in addition we can have a decorator that behaves intuitively.

[Tim Graham]

I'm not sure if this has much value considering that ModelBackend and RemoteUserBackend reject inactive users (as of Django 1.10, see #25232). Would this decorator change behavior in any way?