Monday, June 29, 2020

contrib.auth.forms Bug


Hello,


Please have a look at the following:

I was just about to subclass the login form of
django.contrib.auth.forms:

"class AuthenticationForm(forms.Form)"

after dealing a bit with the code I was about to customize the
user_is.active check in order to display a customized message at my
login. I was wondering as I was not able to figure out at what point
exactly the user_is.active really gets validated.
The clean method does a call to another function called
confirm_login_allowed but from my perspective this never gets reached?!
I test against this with a user that is not active but I always get
back self.get_invalid_login_error instead of confirm_login_allowed
error message.
Can smb. confirm that this is a bug or at least at what point
confirm_login_allowed gets triggered ?



    def clean(self):
        username = self.cleaned_data.get('username')
        password = self.cleaned_data.get('password')
    
        if username is not None and password:
            self.user_cache = authenticate(self.request,
username=username, password=password)
            if self.user_cache is None:
                raise self.get_invalid_login_error()
            else:
                self.confirm_login_allowed(self.user_cache)
    
        return self.cleaned_data
    
    def confirm_login_allowed(self, user):
        if not user.is_active:
            raise forms.ValidationError(
                self.error_messages['inactive'],
                code='inactive',
            )

    def get_user(self):
        return self.user_cache

    def get_invalid_login_error(self):
        return forms.ValidationError(
            self.error_messages['invalid_login'],
            code='invalid_login',
            params={'username': self.username_field.verbose_name},
        )


There is also a stackoverflow post about this here:
https://stackoverflow.com/questions/62622571/



Kind regards,

Robin

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/0fc1c5cc-9e28-4903-a83e-6d77a655a270n%40googlegroups.com.

No comments:

Post a Comment