#15366: AuthenticationForm should optionally permit inactive user login
--------------------------------------------------+------------------------
Reporter: krejcik@… | Owner: hjeffrey
Status: assigned | Milestone:
Component: Authentication | Version: 1.3-beta
Resolution: | Keywords: inactive
Triage Stage: Design decision needed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 |
--------------------------------------------------+------------------------
Changes (by hjeffrey):
* stage: Accepted => Design decision needed
Comment:
I don't know it this is the best way of handling the problem, but it
seemed the simplest and most straight forward solution that would work
generically.
There is possibly the issue that could arise were there are several
backends for which the user has inactive accounts, some of which allow
inactive users to log in while others do not. In this scenario the user
would be rejected if the first backend that had credentials for him
didn't allow inactive users to log in ever if others in the list did or
even if he had an active account further down the list of backends.
Is inactive user login going to be a project wide setting for all backends
or be handled on a backend by backend basis? If it's project wide the
approach should work alright, but it still ignore active accounts further
down in the list. If it's backend by backend what would be the appropriate
authentication handling under the scenario presented?
--
Ticket URL: <http://code.djangoproject.com/ticket/15366#comment:4>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
