允许不活动的用户通过自定义Django后端登录 [英] Allowing inactive users to login via custom django backend
问题描述
我有一个正在玩的自定义身份验证后端.我想允许不活动的用户登录.即使我可以验证是否返回了 user
,将 supports_inactive_user
标志设置为true似乎也不能解决问题.
I have a custom auth backend that I'm playing with. I want to allow inactive users to log in. Setting the supports_inactive_user
flag to true doesn't seem to do the trick, even though I can verify that the user
is being returned.
class AuthenticationBackend(ModelBackend):
supports_object_permissions = False
supports_anonymous_user = True
supports_inactive_user = True
def authenticate(self, username=None, password=None):
"""
Allow login with email inplace of username
"""
user = None
if username is not None:
username = username.strip()
if email_re.search(username):
try:
user = User.objects.get(email__iexact=username)
except User.DoesNotExist:
pass
if not user:
try:
user = User.objects.get(username__iexact=username)
except User.DoesNotExist:
return None
if user.check_password(password):
return user
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
我正在使用django 1.4.我想念什么?
I'm using django 1.4. What am I missing?
推荐答案
Your user gets authenticated successfully, but it's the AuthenticationForm
that raises a ValidationError
when the user is inactive. You can override the clean method in a subclass to catch the corresponding ValidationError
:
class InactiveAuthenticationForm(AuthenticationForm):
# a bit messy but it should work
def clean(self):
try:
return super(InactiveAuthenticationForm, self).clean()
except ValidationError as e:
if self.cached_user is not None: # user exists but is not active
# behavior that's skipped because of the validation error
self.check_for_test_cookie()
return self.cleaned_data
else:
raise e
但是,请考虑使用用户的 is_active
标志代替实际删除用户.您可能需要重新考虑使用 is_active
.如果您希望用户能够在创建帐户后立即登录,则有更好的方法来实现.
However, consider that a user's is_active
flag is a replacement for actually deleting the user. You might want to reconsider your use of is_active
. If you want users to be able to login as soon as they've created an account, there are better ways to achieve that.
这篇关于允许不活动的用户通过自定义Django后端登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!