Storing login_valid with False on successful custom login

[ashrafemad]

I've added watch_login() decorator to my custom login class and i saw it always storing login_valid on db as False

i found that my view returns status_code 200 and not 302 so i added status_code argument to watch_login(status_code=200) and it's still login_valid is False

Looking at the package source code i found this defender/decorators.py

if status_code == 302:  # standard Django login view
    login_unsuccessful = (
        response
        and not response.has_header("location")
        and response.status_code != status_code
    )
else:
    # If msg is not passed the last condition will be evaluated
    # always to True so the first 2 will decide the result.
    login_unsuccessful = (
        response
        and response.status_code == status_code
        and msg in response.content.decode("utf-8")
    )

i think in the else block we need to change and response.status_code == status_code to be and response.status_code != status_code

[kencochrane]

@ashrafemad thanks for finding this. It has been a while since I looked at that code, but I think you are right. Feel free to submit a PR with the proposed change, and we can review and merge. If possible, maybe add a unit test to confirm it is working as it should, and we make sure we don't regress in the future. Thanks again.