Django-用户is_active [英] Django - user is_active
问题描述
这是我的用户身份验证方法:
This is my user authentication method:
def user_login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return HttpResponseRedirect(reverse('index'))
else:
print('TEST')
messages.info(request, 'Inactive user')
return HttpResponseRedirect(reverse('index'))
else:
messages.error(request, 'Invalid username/password!')
return HttpResponseRedirect(reverse('index'))
else:
return render(request, 'mainapp/login.html', {})
如果用户存在且未处于活动状态,则会出现错误消息:
If user exists and is not active wrong message appears:
messages.error(request, 'Invalid username/password!')
return HttpResponseRedirect(reverse('index'))
而不是:
print('TEST')
messages.info(request, 'Inactive user')
return HttpResponseRedirect(reverse('index'))
我不知道这里出了什么问题……任何线索?
I don't have any idea what is wrong here... Any clues?
推荐答案
默认的 ModelBackend 身份验证后端开始拒绝 Django 1.10 。因此,您的 authenticate()调用返回 None ,并且您得到无效的用户名/密码!来自外部if / else语句的消息。
The default ModelBackend authentication backend started rejecting inactive users in Django 1.10. Therefore your authenticate() call returns None, and you get the Invalid username/password! message from the outer if/else statement.
如丹尼尔所说,如果您使用默认的 ModelBackend ,不再需要在登录视图中检查 user.is_active 。
As Daniel says, if you use the default ModelBackend, you no longer need to check user.is_active in your login view.
如果您确实要进行身份验证以返回不活动的用户,则可以使用 AllowAllUsersModelBackend 代替。如果这样做,则有责任在登录视图中检查 is_active 标志。
If you really want authenticate to return inactive users, then you can use AllowAllUsersModelBackend instead. If you do this, then it is your responsibility to check the is_active flag in your login view.
AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.AllowAllUsersModelBackend']
这篇关于Django-用户is_active的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
