[Django] #28751: Add an error message for inactive user login in AdminAuthenticationForm
Django
------------------------------------------------+------------------------
Reporter: SeungWon Kang | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
In admin login site, I found that inactive error message does not exist.
(In AuthenticationForm it exists) I know default BackEnd checks the
inactive in user_can_authenticate() method, but I think this error message
is helpful if using other BackEnd like AllowAllUsersModelBackEnd.
In AuthenticationForm,
{{{
def confirm_login_allowed(self, user):
...
if not user.is_active:
raise forms.ValidationError(
self.error_messages['inactive'],
code='inactive',
)
}}}
but in AdminAuthenticationForm,
{{{
def confirm_login_allowed(self, user):
if not user.is_active or not user.is_staff:
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
params={'username': self.username_field.verbose_name}
)
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28751>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: SeungWon Kang | Owner: nobody
Cleanup/optimization |
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Description changed by SeungWon Kang:
Old description:
> In admin login site, I found that inactive error message does not exist.
> (In AuthenticationForm it exists) I know default BackEnd checks the
> inactive in user_can_authenticate() method, but I think this error
> message is helpful if using other BackEnd like AllowAllUsersModelBackEnd.
>
> In AuthenticationForm,
> {{{
> def confirm_login_allowed(self, user):
> ...
> if not user.is_active:
> raise forms.ValidationError(
> self.error_messages['inactive'],
> code='inactive',
> )
> }}}
>
> but in AdminAuthenticationForm,
>
> {{{
> def confirm_login_allowed(self, user):
> if not user.is_active or not user.is_staff:
> raise forms.ValidationError(
> self.error_messages['invalid_login'],
> code='invalid_login',
> params={'username': self.username_field.verbose_name}
> )
> }}}
New description:
In admin login site, I found that inactive error message does not exist.
(In AuthenticationForm it exists) I know default BackEnd checks the
inactive in user_can_authenticate() method, but I think this error message
is helpful if using other BackEnd like AllowAllUsersModelBackEnd.
In AuthenticationForm,
{{{
def confirm_login_allowed(self, user):
...
if not user.is_active:
raise forms.ValidationError(
self.error_messages['inactive'],
code='inactive',
)
}}}
but in AdminAuthenticationForm,
{{{
def confirm_login_allowed(self, user):
if not user.is_active or not user.is_staff:
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
params={'username': self.username_field.verbose_name}
)
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:1>
Django
Reporter: SeungWon Kang | Owner: nobody
Cleanup/optimization |
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Description changed by SeungWon Kang:
Old description:
> In admin login site, I found that inactive error message does not exist.
> (In AuthenticationForm it exists) I know default BackEnd checks the
> inactive in user_can_authenticate() method, but I think this error
> message is helpful if using other BackEnd like AllowAllUsersModelBackEnd.
>
> In AuthenticationForm,
> {{{
> def confirm_login_allowed(self, user):
> ...
> if not user.is_active:
> raise forms.ValidationError(
> self.error_messages['inactive'],
> code='inactive',
> )
> }}}
>
> but in AdminAuthenticationForm,
>
> {{{
> def confirm_login_allowed(self, user):
> if not user.is_active or not user.is_staff:
> raise forms.ValidationError(
> self.error_messages['invalid_login'],
> code='invalid_login',
> params={'username': self.username_field.verbose_name}
> )
> }}}
New description:
In admin login site, I found that error message for 'inactive' user does
not exist. (In AuthenticationForm it exists) I know default BackEnd checks
the inactive in user_can_authenticate() method, but I think this error
message is helpful if using other BackEnd like AllowAllUsersModelBackEnd.
In AuthenticationForm,
{{{
def confirm_login_allowed(self, user):
...
if not user.is_active:
raise forms.ValidationError(
self.error_messages['inactive'],
code='inactive',
)
}}}
but in AdminAuthenticationForm,
{{{
def confirm_login_allowed(self, user):
if not user.is_active or not user.is_staff:
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
params={'username': self.username_field.verbose_name}
)
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:2>
Django
Reporter: SeungWon Kang | Owner: nobody
Cleanup/optimization |
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Description changed by SeungWon Kang:
Old description:
> In admin login site, I found that error message for 'inactive' user does
> not exist. (In AuthenticationForm it exists) I know default BackEnd
> checks the inactive in user_can_authenticate() method, but I think this
> error message is helpful if using other BackEnd like
> AllowAllUsersModelBackEnd.
>
> In AuthenticationForm,
> {{{
> def confirm_login_allowed(self, user):
> ...
> if not user.is_active:
> raise forms.ValidationError(
> self.error_messages['inactive'],
> code='inactive',
> )
> }}}
>
> but in AdminAuthenticationForm,
>
> {{{
> def confirm_login_allowed(self, user):
> if not user.is_active or not user.is_staff:
> raise forms.ValidationError(
> self.error_messages['invalid_login'],
> code='invalid_login',
> params={'username': self.username_field.verbose_name}
> )
> }}}
New description:
In admin login site, I found that ValidationError message for 'inactive'
user does not exist. (In AuthenticationForm it exists) I know default
BackEnd checks the is_active in user_can_authenticate() method, but I
think adding this error message would be helpful if using other BackEnd
like AllowAllUsersModelBackEnd.
In AuthenticationForm, it shows inactive error message to the inactive
user(user that `is_active=False`)
{{{
def confirm_login_allowed(self, user):
...
if not user.is_active:
raise forms.ValidationError(
self.error_messages['inactive'],
code='inactive',
)
}}}
but in AdminAuthenticationForm, it shows invalid_login error message to
the inactive user(user that `is_active=False`)
{{{
def confirm_login_allowed(self, user):
if not user.is_active or not user.is_staff:
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
params={'username': self.username_field.verbose_name}
)
}}}
So I suggest to change it like
{{{
error_messages = {
...
'inactive': _("This account is inactive."),
}
...
def confirm_login_allowed(self, user):
if not user.is_active:
raise forms.ValidationError(
self.error_messages['inactive'],
code='inactive',
)
if not user.is_staff:
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
params = {'username': self.username_field.verbose_name},
)
....
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:3>
Django
Reporter: SeungWon Kang | Owner: nobody
Cleanup/optimization |
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by hui shang):
[https://github.com/django/django/pull/9308 PR]
This ticket is related to [https://code.djangoproject.com/ticket/28645
ticket_28645], so I make the commits for these two tickets in the same PR.
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:4>
Django
Reporter: SeungWon Kang | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham):
* has_patch: 0 => 1
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:5>
Django
Reporter: SeungWon Kang | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:6>
Django
Reporter: SeungWon Kang | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by hui shang):
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:7>
Django
Reporter: SeungWon Kang | Owner: nobody
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"ebb998976e2889c669972ed3d1b372cc6a2b5229" ebb99897]:
{{{
#!CommitTicketReference repository=""
revision="ebb998976e2889c669972ed3d1b372cc6a2b5229"
Fixed #28751 -- Corrected the error message for inactive users in
AdminAuthenticationForm.
Thanks SeungWon Kang for the report and Tim Graham for the review.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28751#comment:8>