From b689a3bdaa521b14d13266c866180d19585babe4 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Thu, 29 Sep 2016 12:03:14 +0100
Subject: [PATCH] Add note about 'User account is disabled.' vs 'Unable to log
 in'

---
 rest_framework/authtoken/serializers.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py
index df0c48b86..90d3bd96e 100644
--- a/rest_framework/authtoken/serializers.py
+++ b/rest_framework/authtoken/serializers.py
@@ -16,6 +16,9 @@ class AuthTokenSerializer(serializers.Serializer):
             user = authenticate(username=username, password=password)
 
             if user:
+                # From Django 1.10 onwards the `authenticate` call simply
+                # returns `None` for is_active=False users.
+                # (Assuming the default `ModelBackend` authentication backend.)
                 if not user.is_active:
                     msg = _('User account is disabled.')
                     raise serializers.ValidationError(msg)