[Django] #26957: Inconsistency between doc and code: authenticate() when user.is_active == False

Tue, 26 Jul 2016 12:48:55 -0700 

#26957: Inconsistency between doc and code: authenticate() when user.is_active 
==
False
--------------------------------------+--------------------
     Reporter:  ericls                |      Owner:  nobody
         Type:  Cleanup/optimization  |     Status:  new
    Component:  contrib.auth          |    Version:  1.9
     Severity:  Normal                |   Keywords:
 Triage Stage:  Unreviewed            |  Has patch:  0
Easy pickings:  0                     |      UI/UX:  0
--------------------------------------+--------------------
 In the code:
 
https://github.com/django/django/blob/master/django/contrib/auth/backends.py#L12-L32


 {{{
     def authenticate(self, username=None, password=None, **kwargs):
         UserModel = get_user_model()
         if username is None:
             username = kwargs.get(UserModel.USERNAME_FIELD)
         try:
             user = UserModel._default_manager.get_by_natural_key(username)
         except UserModel.DoesNotExist:
             # Run the default password hasher once to reduce the timing
             # difference between an existing and a non-existing user
 (#20760).
             UserModel().set_password(password)
         else:
             if user.check_password(password) and
 self.user_can_authenticate(user):
                 return user

     def user_can_authenticate(self, user):
         """
         Reject users with is_active=False. Custom user models that don't
 have
         that attribute are allowed.
         """
         is_active = getattr(user, 'is_active', None)
         return is_active or is_active is None
 }}}


 authenticate() returns None when user.is_active == False.

 However, the documentation suggests that when user.is_active == False, the
 authenticate() method returns the user normally.

 {{{
 from django.contrib.auth import authenticate, login

 def my_view(request):
     username = request.POST['username']
     password = request.POST['password']
     user = authenticate(username=username, password=password)
     if user is not None:
         if user.is_active:
             login(request, user)
             # Redirect to a success page.
         else:
             # Return a 'disabled account' error message
             ...
     else:
         # Return an 'invalid login' error message.
         ...
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/26957>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/049.ca07643ac3ccbf8e308eb75d32dc3d5a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to