Implemented AuthenticationForm that optionally allows users with is_active=False to log in. [bug 614705]

apps/users/forms.py

@@ -1,4 +1,5 @@
 from django import forms
+from django.contrib.auth import authenticate, forms as auth_forms
 from django.contrib.auth.models import User
 
 from tower import ugettext as _, ugettext_lazy as _lazy
@@ -19,6 +20,7 @@ EMAIL_LONG = _lazy('Email address is too long (%(show_value)s characters). '
 PASSWD_REQUIRED = _lazy('Password is required.')
 PASSWD2_REQUIRED = _lazy('Please enter your password twice.')
 
+
 class RegisterForm(forms.ModelForm):
     """A user registration form that requires unique email addresses.
 
@@ -48,8 +50,8 @@ class RegisterForm(forms.ModelForm):
                                 widget=forms.PasswordInput(
                                     render_value=False),
                                 error_messages={'required': PASSWD2_REQUIRED},
-                                help_text = _('Enter the same password as '
-                                              'above, for verification.'))
+                                help_text=_('Enter the same password as '
+                                            'above, for verification.'))
 
     class Meta(object):
         model = User
@@ -71,3 +73,33 @@ class RegisterForm(forms.ModelForm):
             raise forms.ValidationError(_('A user with that email address '
                                           'already exists.'))
         return email
+
+
+class AuthenticationForm(auth_forms.AuthenticationForm):
+    """Overrides the default django form to allow logging in inactive
+    users. To allow inactive users, initialize with `only_active=False`."""
+    def __init__(self, request=None, only_active=True, *args, **kwargs):
+        self.only_active = only_active
+        super(AuthenticationForm, self).__init__(request, *args, **kwargs)
+
+    def clean(self):
+        username = self.cleaned_data.get('username')
+        password = self.cleaned_data.get('password')
+
+        if username and password:
+            self.user_cache = authenticate(username=username,
+                                           password=password)
+            if self.user_cache is None:
+                raise forms.ValidationError(
+                    _('Please enter a correct username and password. Note '
+                      'that both fields are case-sensitive.'))
+            elif self.only_active and not self.user_cache.is_active:
+                raise forms.ValidationError(_("This account is inactive."))
+
+        if self.request:
+            if not self.request.session.test_cookie_worked():
+                raise forms.ValidationError(
+                    _("Your Web browser doesn't appear to have cookies "
+                      "enabled. Cookies are required for logging in."))
+
+        return self.cleaned_data

apps/users/tests/test_forms.py

@@ -0,0 +1,45 @@
+from django.contrib.auth.models import User
+
+from users.forms import AuthenticationForm
+from users.tests import TestCaseBase
+
+
+class AuthenticationFormTests(TestCaseBase):
+    """AuthenticationForm tests."""
+    fixtures = ['users.json']
+
+    def test_only_active(self):
+        # Verify with active user
+        user = User.objects.get(username='rrosario')
+        assert user.is_active
+        form = AuthenticationForm(data={'username': 'rrosario',
+                                        'password': 'testpass'})
+        assert form.is_valid()
+
+        # Verify with inactive user
+        user.is_active = False
+        user.save()
+        user = User.objects.get(username='rrosario')
+        assert not user.is_active
+        form = AuthenticationForm(data={'username': 'rrosario',
+                                        'password': 'testpass'})
+        assert not form.is_valid()
+
+    def test_allow_inactive(self):
+        # Verify with active user
+        user = User.objects.get(username='rrosario')
+        assert user.is_active
+        form = AuthenticationForm(only_active=False,
+                                  data={'username': 'rrosario',
+                                        'password': 'testpass'})
+        assert form.is_valid()
+
+        # Verify with inactive user
+        user.is_active = False
+        user.save()
+        user = User.objects.get(username='rrosario')
+        assert not user.is_active
+        form = AuthenticationForm(only_active=False,
+                                  data={'username': 'rrosario',
+                                        'password': 'testpass'})
+        assert form.is_valid()

apps/users/views.py

@@ -1,10 +1,8 @@
 import urlparse
 
-from django import http
 from django.conf import settings
 from django.contrib import auth
-from django.contrib.auth.forms import (AuthenticationForm, PasswordResetForm,
-                                       SetPasswordForm)
+from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm
 from django.contrib.auth.models import User
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import Site
@@ -18,7 +16,7 @@ import jingo
 from sumo.decorators import ssl_required, logout_required
 from sumo.urlresolvers import reverse
 from users.backends import Sha256Backend  # Monkey patch User.set_password.
-from users.forms import RegisterForm
+from users.forms import RegisterForm, AuthenticationForm
 
 
 @ssl_required
@@ -74,7 +72,6 @@ def register(request):
                         {'form': form})
 
 
-
 # Password reset views are based on django.contrib.auth.views.
 # 4 views for password reset:
 # - password_reset sends the mail
@@ -82,7 +79,6 @@ def register(request):
 # - password_reset_confirm checks the link the user clicked and
 #   prompts for a new password
 # - password_reset_complete shows a success message for the above
-
 @ssl_required
 def password_reset(request):
     """Password reset form."""