How can I block logins from users with is_active == False?

[João Matos]

Hello,

How can I block logins from users with is_active == False?

Thanks,

JM

[João Matos]

Found a solution

def check_if_user_is_active(form):
    """Check if user is active."""
    if not db.auth_user(username=form.vars.username).is_active:
        session.flash = T('That username is not active.')
        redirect(URL('user', 'login'))


auth.settings.login_onvalidation.append(check_if_user_is_active)

Is there a better way?

[Anthony]

How are you setting is_active to False? Are you doing it manually, or is it happening via a delete with record versioning enabled (as described here)? If the latter, you don't need to do any check, as a common filter automatically excludes all records with in_active == False from all queries.

If you are setting it manually, you can set up your own common filter:

db.auth_user._common_filter = lambda query: db.auth_user.is_active == True

By default, the above will affect all queries against the db.auth_user table (though can be disabled for specific queries).

If you want to be able to show an error message as in your code below for users who are in the system but simply not active (as opposed to users who are not in the system at all), then your approach is probably best.

Anthony

[João Matos]

Thanks for the feedback Anthony.