Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django - user is_active

This is my user authentication method:

def user_login(request):
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = authenticate(username=username, password=password)

        if user:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect(reverse('index'))
            else:
                print('TEST')
                messages.info(request, 'Inactive user')
                return HttpResponseRedirect(reverse('index'))
        else:
            messages.error(request, 'Invalid username/password!')
        return HttpResponseRedirect(reverse('index'))
    else:
        return render(request, 'mainapp/login.html', {})

If user exists and is not active wrong message appears:

messages.error(request, 'Invalid username/password!')
return HttpResponseRedirect(reverse('index'))

instead of:

print('TEST')
messages.info(request, 'Inactive user')
return HttpResponseRedirect(reverse('index'))

I don't have any idea what is wrong here... Any clues?

like image 699
jundymek Avatar asked Apr 03 '17 12:04

jundymek


People also ask

What is Is_active in Django?

is_active. Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won't break.

How do I access users in Django?

from django.contrib.auth import authenticate, login def my_view(request): username = request.POST['username'] password = request.POST['password'] user = authenticate(request, username=username, password=password) if user is not None: login(request, user) # Redirect to a success page. ... else: # Return an 'invalid ...

How do I know if my Django user is superuser?

in admin panel superuser box is checked.

How do you fix login () takes 1 positional argument but 2 were given?

Change the view name, or import the function under a different name eg from django. contrib. auth import login as auth_login . Save this answer.


2 Answers

The default ModelBackend authentication backend started rejecting inactive users in Django 1.10. Therefore your authenticate() call returns None, and you get the Invalid username/password! message from the outer if/else statement.

As Daniel says, if you use the default ModelBackend, you no longer need to check user.is_active in your login view.

If you really want authenticate to return inactive users, then you can use AllowAllUsersModelBackend instead. If you do this, then it is your responsibility to check the is_active flag in your login view.

AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.AllowAllUsersModelBackend']
like image 56
Alasdair Avatar answered Nov 18 '22 23:11

Alasdair


The call to authenticate already checks that the user has the is_active flag set, and returns None if not. There is no need to check it separately.

like image 30
Daniel Roseman Avatar answered Nov 19 '22 01:11

Daniel Roseman