From 5d7aba72b5c636c149e52f6461b459de47afc9e1 Mon Sep 17 00:00:00 2001 From: ludbek Date: Tue, 7 Mar 2017 15:22:28 +0545 Subject: [PATCH 1/2] overridable user activeness checker for custom user model --- rest_framework/authentication.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py index cb9608a3c..193d745ba 100644 --- a/rest_framework/authentication.py +++ b/rest_framework/authentication.py @@ -85,6 +85,13 @@ class BasicAuthentication(BaseAuthentication): userid, password = auth_parts[0], auth_parts[2] return self.authenticate_credentials(userid, password) + def user_is_active(self, user): + """ + Returns True if user is active else returns False. + Override this if some other field in custom user model determines user's activeness. + """ + return user.is_active + def authenticate_credentials(self, userid, password): """ Authenticate the userid and password against username and password. @@ -98,7 +105,7 @@ class BasicAuthentication(BaseAuthentication): if user is None: raise exceptions.AuthenticationFailed(_('Invalid username/password.')) - if not user.is_active: + if not self.user_is_active(user): raise exceptions.AuthenticationFailed(_('User inactive or deleted.')) return (user, None) @@ -122,7 +129,7 @@ class SessionAuthentication(BaseAuthentication): user = getattr(request._request, 'user', None) # Unauthenticated, CSRF validation not required - if not user or not user.is_active: + if not user or not self.user_is_active(user): return None self.enforce_csrf(request) @@ -194,7 +201,7 @@ class TokenAuthentication(BaseAuthentication): except model.DoesNotExist: raise exceptions.AuthenticationFailed(_('Invalid token.')) - if not token.user.is_active: + if not self.user_is_active(token.user): raise exceptions.AuthenticationFailed(_('User inactive or deleted.')) return (token.user, token) From d844fb53dd0439cb326c876a981a88b7caaec6af Mon Sep 17 00:00:00 2001 From: ludbek Date: Tue, 7 Mar 2017 15:34:09 +0545 Subject: [PATCH 2/2] bug fix --- rest_framework/authentication.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py index 193d745ba..1812ba26b 100644 --- a/rest_framework/authentication.py +++ b/rest_framework/authentication.py @@ -37,6 +37,12 @@ class BaseAuthentication(object): """ All authentication classes should extend BaseAuthentication. """ + def user_is_active(self, user): + """ + Returns True if user is active else returns False. + Override this if some other field in custom user model determines user's activeness. + """ + return user.is_active def authenticate(self, request): """ @@ -85,13 +91,6 @@ class BasicAuthentication(BaseAuthentication): userid, password = auth_parts[0], auth_parts[2] return self.authenticate_credentials(userid, password) - def user_is_active(self, user): - """ - Returns True if user is active else returns False. - Override this if some other field in custom user model determines user's activeness. - """ - return user.is_active - def authenticate_credentials(self, userid, password): """ Authenticate the userid and password against username and password.