This repository has been archived by the owner on May 26, 2020. It is now read-only.
For inactive user, JSONWebTokenSerializer.validate() raises Unable to login with provided credentials.
Django Version 1.10.5
Django Model Backend's authenticate method checks as follows,
```python
if user.check_password(password) and self.user_can_authenticate(user):
    return user
```
And user_can_authenticate method is
```python
def user_can_authenticate(self, user):
    """
    Reject users with is_active=False. Custom user models that don't have
    that attribute are allowed.
    """
    is_active = getattr(user, 'is_active', None)
    return is_active or is_active is None
```
So, if the user is inactive, the JSONWebTokenSerializer.validate method returns the wrong response, as it doesn't go to that block of code because user is None.
```python
if user:  # <- This is None, for inactive user.
    if not user.is_active:
        msg = _('User account is disabled.')
        raise serializers.ValidationError(msg)
    payload = jwt_payload_handler(user)
    return {
        'token': jwt_encode_handler(payload),
        'user': user
    }
else:
    msg = _('Unable to login with provided credentials.')
    raise serializers.ValidationError(msg)
```
I face the same issue. I still do NOT want to authenticate an inactive user; however, I'd like to differentiate the error response. It always throws a 'wrong credentials' error. How can I solve this problem?
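The behaviour reported in this thread, reproduced as an added example that is not part of the thread or of the library's code. `User`, `USERS`, `model_backend`, `allow_all_backend` and `validate` are constructed stand-ins: the first backend mirrors the `ModelBackend` check quoted above, the second mirrors Django's `AllowAllUsersModelBackend` (selectable through `AUTHENTICATION_BACKENDS` since Django 1.10), and `validate` keeps the branch structure of the serializer, assuming it gets `user` from the configured backend.

```python
from dataclasses import dataclass
from hmac import compare_digest


@dataclass
class User:
    username: str
    password: str          # plaintext only because this is a toy model
    is_active: bool = True


# Constructed sample accounts: one active, one disabled.
USERS = {u.username: u for u in (User("alice", "pw-a"),
                                 User("bob", "pw-b", is_active=False))}


def _password_ok(user, password):
    return user is not None and compare_digest(user.password, password)


def model_backend(username, password):
    """Like ModelBackend in the issue: an inactive user comes back as None."""
    user = USERS.get(username)
    return user if _password_ok(user, password) and user.is_active else None


def allow_all_backend(username, password):
    """Like AllowAllUsersModelBackend: is_active is left for the caller to check."""
    user = USERS.get(username)
    return user if _password_ok(user, password) else None


def validate(authenticate, username, password):
    """Same branches as the serializer code quoted in the issue."""
    user = authenticate(username, password)
    if user:
        if not user.is_active:
            return "User account is disabled."
        return "token issued"
    return "Unable to login with provided credentials."


if __name__ == "__main__":
    for backend in (model_backend, allow_all_backend):
        for name, pw in (("alice", "pw-a"), ("bob", "pw-b"), ("bob", "wrong")):
            print(backend.__name__, name, "->", validate(backend, name, pw))
```

With the second backend the disabled message is returned only after the password has verified, so a caller who does not know the password still sees the generic credentials error and cannot tell a disabled account from a missing one.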