This repository was archived by the owner on May 26, 2020. It is now read-only.

Description
For an inactive user, JSONWebTokenSerializer.validate() raises "Unable to login with provided credentials."
Django Version 1.10.5
Django Model Backend's authenticate method checks as follows,
    if user.check_password(password) and self.user_can_authenticate(user):
        return user
And the user_can_authenticate method is:
    def user_can_authenticate(self, user):
        """
        Reject users with is_active=False. Custom user models that don't have
        that attribute are allowed.
        """
        is_active = getattr(user, 'is_active', None)
        return is_active or is_active is None
So, if the user is inactive, the JSONWebTokenSerializer.validate method returns the wrong response, as it doesn't reach that block of code because user is None.
    if user:  # <- This is None for an inactive user.
        if not user.is_active:
            msg = _('User account is disabled.')
            raise serializers.ValidationError(msg)
        payload = jwt_payload_handler(user)
        return {
            'token': jwt_encode_handler(payload),
            'user': user
        }
    else:
        msg = _('Unable to login with provided credentials.')
        raise serializers.ValidationError(msg)
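
Added example, not part of the original issue and not the project's code: a stand-alone model of the flow described above, showing why the `is_active` branch is unreachable with `ModelBackend` and what changes with a backend that leaves the check to the caller (Django ships one as `AllowAllUsersModelBackend`). The `User` class, the `validate` function returning a message string, and the sample accounts are simplified assumptions constructed for the illustration.

```python
# Stand-alone model of the flow in this issue; no Django import needed.
# Names mirror the snippets above, bodies are simplified assumptions.
from dataclasses import dataclass


@dataclass
class User:  # constructed stand-in for a Django user
    username: str
    password: str  # plain text only to keep the sketch short
    is_active: bool = True

    def check_password(self, raw):
        return raw == self.password


class ModelBackend:
    """Mirrors Django 1.10: inactive users are rejected inside authenticate()."""

    def __init__(self, users):
        self.users = {u.username: u for u in users}

    def user_can_authenticate(self, user):
        is_active = getattr(user, "is_active", None)
        return is_active or is_active is None

    def authenticate(self, username, password):
        user = self.users.get(username)
        if user and user.check_password(password) and self.user_can_authenticate(user):
            return user
        return None


class AllowAllUsersModelBackend(ModelBackend):
    """Same idea as Django's backend of this name: leave is_active to the caller."""

    def user_can_authenticate(self, user):
        return True


def validate(backend, username, password):
    """The serializer's branch structure, returning the message it would raise."""
    user = backend.authenticate(username, password)
    if user:
        if not user.is_active:
            return "User account is disabled."
        return "token issued"
    return "Unable to login with provided credentials."


USERS = [User("alice", "pw-a"), User("bob", "pw-b", is_active=False)]  # constructed
```

With the permissive backend, the "disabled" message is only reachable after the password has been verified, so a wrong guess against an inactive account still gets the generic credentials error.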