Commit 107165c4 authored by Alexander Gaevsky's avatar Alexander Gaevsky Committed by Tim Graham

Fixed #24987 -- Allowed inactive users to login with the test client.

parent e0a3d937
+1 −2
@@ -599,8 +599,7 @@ class Client(RequestFactory):
        """
        from django.contrib.auth import authenticate
        user = authenticate(**credentials)
        if (user and user.is_active and
                apps.is_installed('django.contrib.sessions')):
        if user and apps.is_installed('django.contrib.sessions'):
            self._login(user)
            return True
        else:
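Review bot: Nothing at the new condition `if user and apps.is_installed('django.contrib.sessions'):` records that rejecting inactive users is now left entirely to the authentication backend. The docs paragraph removed by this commit says the login view's `AuthenticationForm` defaults to rejecting inactive users, so with a permissive backend the test client may accept a login that the real view would refuse. A test that uses `login()` to prove a deactivated account is locked out could then pass or fail for reasons unrelated to the view under test. I would add a comment above the `if`, for example `# is_active is not checked here; the authentication backend decides, which may differ from the login view's form.`, and say the same in the method docstring. The docstring begins and the `else` branch ends outside this hunk.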
+4 −0
@@ -678,6 +678,10 @@ Miscellaneous
  :class:`~django.contrib.auth.backends.AllowAllUsersRemoteUserBackend`
  in :setting:`AUTHENTICATION_BACKENDS` instead.

* In light of the previous change, the test client's
  :meth:`~django.test.Client.login()` method no longer always rejects inactive
  users but instead delegates this decision to the authentication backend.

.. _deprecated-features-1.10:

Features deprecated in 1.10
+6 −7
@@ -334,13 +334,6 @@ Use the ``django.test.Client`` class to make requests.
        ``login()`` method to simulate the effect of a user logging into the
        site.

        Inactive users (:attr:`is_active=False
        <django.contrib.auth.models.User.is_active>`) are not permitted to
        login as this method is meant to be equivalent to the
        :func:`~django.contrib.auth.login` view which uses
        :class:`~django.contrib.auth.forms.AuthenticationForm` and therefore
        defaults to rejecting users who are inactive.

        After you call this method, the test client will have all the cookies
        and session data required to pass any login-based tests that may form
        part of a view.
@@ -378,6 +371,12 @@ Use the ``django.test.Client`` class to make requests.
        :meth:`~django.contrib.auth.models.UserManager.create_user` helper
        method to create a new user with a correctly hashed password.

        .. versionchanged:: 1.10

            In previous versions, inactive users (:attr:`is_active=False
            <django.contrib.auth.models.User.is_active>`) were not permitted
            to login.

    .. method:: Client.force_login(user, backend=None)

        .. versionadded:: 1.9
+7 −3
@@ -432,10 +432,14 @@ class ClientTest(TestCase):
        self.assertFalse(login)

    def test_view_with_inactive_login(self):
        "Request a page that is protected with @login, but use an inactive login"
        """
        An inactive user may login if the authenticate backend allows it.
        """
        credentials = {'username': 'inactive', 'password': 'password'}
        self.assertFalse(self.client.login(**credentials))

        login = self.client.login(username='inactive', password='password')
        self.assertFalse(login)
        with self.settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend']):
            self.assertTrue(self.client.login(**credentials))

    @override_settings(
        AUTHENTICATION_BACKENDS=[
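Review bot: The rejection assertion `self.assertFalse(self.client.login(**credentials))` in `test_view_with_inactive_login` depends on whatever `AUTHENTICATION_BACKENDS` the test settings supply, while only the acceptance case pins its backend. If the suite's default backend changes, the negative check changes meaning without anyone noticing. Pinning it makes the contract explicit: `with self.settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.ModelBackend']):` around the `assertFalse`. Neither branch requests a login-protected view afterwards, so the test confirms only the return value of `login()`, not that the session is or is not usable; a follow-up request in each branch would cover that. The `@override_settings(` decorator at the end of the section continues outside the visible lines.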