Raise PermissionDenied for inactive user accounts #826
Conversation
Codecov Report
@@ Coverage Diff @@
## master #826 +/- ##
=========================================
+ Coverage 90.87% 90.9% +0.03%
=========================================
Files 39 39
Lines 1742 1748 +6
=========================================
+ Hits 1583 1589 +6
Misses 159 159
Continue to review full report at Codecov.
|
tock/tock/remote_user_auth.py
Outdated
| @@ -5,11 +5,13 @@ | |||
| from django.core.exceptions import ValidationError | |||
| from django.conf import settings | |||
| from django.contrib.auth.models import User | |||
| from django.core.exceptions import PermissionDenied | |||
There was a problem hiding this comment.
Let's combine this with the ValidationError imported on L5 (and while we're at it, we can better match up our imports with best conventions)
There was a problem hiding this comment.
Whoops, missed that one thanks!
Deny access by and provide a help message to users with inactive accounts.
Jkrzy
force-pushed
the
825-inactive-users
branch
from
8c222c3
to
4fd483c
Compare
|
|
||
| def user_can_authenticate(self, user): | ||
| if not user.is_active: | ||
| raise PermissionDenied(ACCOUNT_INACTIVE_MSG) |
There was a problem hiding this comment.
This is an interesting way of handling this. In my head, I think I saw either redirecting to a simple templateView or maybe leveraging the messages framework, but I think I like piggybacking on the 403.
Description
For #825, deny access by and provide a help message to users with inactive accounts.
Additional information
Prevents inactive users from completing authentication w/ tock backend.