Ticket #12103: 12103_method_on_form.diff

File 12103_method_on_form.diff, 3.0 KB (added by Ethan Jucovy, 15 years ago)

Control login policy with an overridable method on the form

  • django/contrib/auth/forms.py

     
    7979            self.user_cache = authenticate(username=username, password=password)
    8080            if self.user_cache is None:
    8181                raise forms.ValidationError(_("Please enter a correct username and password. Note that both fields are case-sensitive."))
    82             elif not self.user_cache.is_active:
    83                 raise forms.ValidationError(_("This account is inactive."))
    84 
     82            else:
     83                self.confirm_login_allowed(user_cache)
     84       
    8585        # TODO: determine whether this should move to its own method.
    8686        if self.request:
    8787            if not self.request.session.test_cookie_worked():
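Review bot: The new else branch calls self.confirm_login_allowed(user_cache), but user_cache is not a local name in this method; the authenticated user is stored on self.user_cache two lines above. As written, every successful authentication would raise NameError instead of reaching the policy check. Pass self.user_cache here. The added blank line at new line 84 also carries trailing whitespace.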
     
    8989
    9090        return self.cleaned_data
    9191
     92    def confirm_login_allowed(self, user):
     93        """
     94        Controls whether the given ``auth.User`` object may log in. This is a policy setting,
     95        independent of end-user authentication. This default behavior is to allow login by
     96        active users, and reject login by inactive users.
     97
     98        If the given user cannot log in, this method should raise a ``forms.ValidationError``.
     99
     100        If the given user may log in, this method should return None.
     101        """
     102        if not user.is_active:
     103            raise forms.ValidationError(_("This account is inactive."))
     104
    92105    def get_user_id(self):
    93106        if self.user_cache:
    94107            return self.user_cache.id
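Review bot: The docstring of confirm_login_allowed says the method "should return None" when login is allowed, but the caller in clean() ignores the return value, so an override that returns False to deny a login would silently allow it. State explicitly that raising forms.ValidationError is the only way to reject a user and that any return value is ignored. Also, "This default behavior" should read "The default behavior", and the docstring lines should be wrapped to the line length used elsewhere in the file.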
  • docs/topics/auth.txt

     
    10001000
    10011001    A form for logging a user in.
    10021002
     1003    The ``AuthenticationForm`` rejects users whose ``is_active`` flag is set to ``False``.
     1004    You may override this behavior with a custom policy to determine which users can log in.
     1005    Do this with a custom form that subclasses ``AuthenticationForm`` and overrides the
     1006    ``confirm_login_allowed(self, user)`` method.  This method will raise a ``forms.ValidationError``
     1007    if the given user may not log in.
     1008
     1009    For example, to allow all users to log in, regardless of activation status::
     1010
     1011    .. code-block:: python
     1012
     1013        class AuthenticationFormWithInactiveUsersOkay(AuthenticationForm):
     1014            def confirm_login_allowed(self, user):
     1015                return None
     1016
     1017    Or to allow only some active users to log in:
     1018
     1019    .. code-block:: python
     1020
     1021        class PickyAuthenticationForm(AuthenticationForm):
     1022            def confirm_login_allowed(self, user):
     1023                if not user.is_active:
     1024                    raise forms.ValidationError(_("This account is inactive."))
     1025                if user.username.startswith('b'):
     1026                    raise forms.ValidationError(_("Sorry, accounts starting with 'b' aren't welcome here."))
     1027
    10031028.. class:: PasswordChangeForm
    10041029
    10051030    A form for allowing a user to change their password.
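Review bot: The PickyAuthenticationForm example copies the is_active check into the override instead of calling the parent method, so readers who adapt it and drop those two lines will admit inactive accounts without noticing. Have the example call super(PickyAuthenticationForm, self).confirm_login_allowed(user) first and then add the extra rule. The example also uses forms and _ with no imports shown. Separately, "regardless of activation status::" ends in a double colon and is then followed by an explicit code-block directive; use a single colon, as the second example does. "This method will raise" should read "This method should raise" to match the docstring in forms.py.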