Tivix / django-rest-auth

This app makes it extremely easy to build Django-powered SPAs (Single Page Apps) or mobile apps, exposing all registration and authentication related functionality as CBVs (Class Based Views) and REST (JSON)
www.tivix.com
MIT License

LoginSerializer unable to handle is_active with default ModelBackend #596

Open psmolak opened 4 years ago

psmolak commented 4 years ago

The default LoginSerializer checks for the is_active field in the following way:

        # Did we get back an active user?
        if user:
            if not user.is_active:
                msg = _('User account is disabled.')
                raise exceptions.ValidationError(msg)
        else:
            msg = _('Unable to log in with provided credentials.')
            raise exceptions.ValidationError(msg)

However, allauth along with the default Django authentication backend ModelBackend returns a User object instance only when the password matches and is_active=True:

    def authenticate(self, request, username=None, password=None, **kwargs):
        # (rest of the implementation...)
        if user.check_password(password) and self.user_can_authenticate(user):
            return user

    def user_can_authenticate(self, user):
        is_active = getattr(user, 'is_active', None)
        return is_active or is_active is None

ultimately resulting in the wrong validation error message for every login as an inactive user.
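The behaviour reported above can be reproduced without Django. This is an added example, not part of the original issue or of django-rest-auth's code: `ModelBackendLike`, `AllowInactiveBackend`, `login_message` and the sample accounts are constructed stand-ins that mirror the two snippets quoted in the issue.

```python
# Stand-alone simulation (no Django needed); all class names are stand-ins.
import hmac
from dataclasses import dataclass


@dataclass
class User:
    username: str
    password: str          # plaintext only because this is a toy model
    is_active: bool = True

    def check_password(self, raw):
        return hmac.compare_digest(raw, self.password)


# Constructed sample accounts: one active, one disabled.
USERS = {u.username: u for u in (
    User("alice", "pw-a", is_active=True),
    User("bob", "pw-b", is_active=False),
)}


class ModelBackendLike:
    """Mirrors the two ModelBackend methods quoted in the issue."""

    def authenticate(self, username=None, password=None):
        user = USERS.get(username)
        if user and user.check_password(password) and self.user_can_authenticate(user):
            return user
        return None

    def user_can_authenticate(self, user):
        is_active = getattr(user, "is_active", None)
        return is_active or is_active is None


class AllowInactiveBackend(ModelBackendLike):
    """Hypothetical variant (same idea as Django's AllowAllUsersModelBackend)."""

    def user_can_authenticate(self, user):
        return True  # leave the is_active decision to the caller


def login_message(backend, username, password):
    """The serializer check from the issue, returning its message instead of raising."""
    user = backend.authenticate(username=username, password=password)
    if user:
        return "ok" if user.is_active else "User account is disabled."
    return "Unable to log in with provided credentials."
```

With the `ModelBackend`-style backend the "disabled" branch is never reached, because the inactive user is filtered out before the serializer sees it; it only becomes reachable when the backend returns inactive users.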

BarnabasSzabolcs commented 4 years ago

Hi,

this repo is not maintained anymore, so the development moved to dj-rest-auth. (reference: #568) It may be best if you move this PR there (and upgrade to using dj_rest_auth).

new repo link: https://github.com/jazzband/dj-rest-auth (I'm not the upkeeper of that repo, it just makes sense for me to help you write where it brings value.)

Best, Barney