#16996: login_required decorator should check user.is_active
------------------------------+--------------------
     Reporter:  ptone         |      Owner:  nobody
         Type:  Bug           |     Status:  new
    Component:  contrib.auth  |    Version:  SVN
     Severity:  Normal        |   Keywords:
 Triage Stage:  Unreviewed    |  Has patch:  0
Easy pickings:  0             |      UI/UX:  0
------------------------------+--------------------
 This decorator only checks user.is_authenticated.

 Changing the decorator to also check user.is_active would be somewhat
 backwards incompatible, but would in general be what people would expect
 of the decorator.

 Instead of the meaning being "the decorator ensures that the user needs to
 be logged in, or requires that they be an active user at their next login",

 it would instead be:

 "decorator ensures that the user is logged in and active"

 (those aren't proposed docs, just a representation of the semantic meaning)

 Basically, if a user is already logged in and has a long-lived auth
 cookie, and you mark that user as inactive, they will continue to be able
 to access decorated views until they next need to log in, as is_active is
 only checked in the login form.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16996>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
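
The gap the ticket describes, as an added example that is not part of the original ticket and is not Django's code: a framework-free model in which `User`, `Request`, `Redirect`, `login_form`, `dashboard` and both decorators are constructed stand-ins. It shows a decorator that checks only `is_authenticated` beside one that also checks `is_active`, for an account deactivated after login.

```python
# Framework-free model of the ticket's scenario. Every name here is a
# constructed stand-in (an assumption), not Django's implementation.
from dataclasses import dataclass
from functools import wraps

@dataclass
class User:
    name: str
    is_active: bool = True
    is_authenticated: bool = True   # true for any user restored from a session

@dataclass
class Request:
    user: User                      # models the user attached via the auth cookie

class Redirect(Exception):
    """Stands in for a redirect to the login page."""

def login_form(user):
    # Per the ticket, this is the only place is_active is checked.
    if not user.is_active:
        raise Redirect("inactive account")
    return Request(user=user)       # session now outlives later flag changes

def login_required_weak(view):
    # Behaviour described in the ticket: authentication only.
    @wraps(view)
    def wrapper(request):
        if not request.user.is_authenticated:
            raise Redirect("login")
        return view(request)
    return wrapper

def login_required_active(view):
    # Proposed semantics: logged in AND active, re-checked on every request.
    @wraps(view)
    def wrapper(request):
        user = request.user
        if not (user.is_authenticated and user.is_active):
            raise Redirect("login")
        return view(request)
    return wrapper

def dashboard(request):
    return f"secret data for {request.user.name}"

def access_after_deactivation(decorator):
    """Log in while active, deactivate, then request a decorated view."""
    user = User("alice")            # constructed sample account
    request = login_form(user)
    user.is_active = False          # admin disables the account mid-session
    try:
        return decorator(dashboard)(request)
    except Redirect:
        return None                 # access denied
```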
