You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Based on the comments in the above issues, the case for doing this was to prevent inactive users from logging in but an inactive user is not the same as a user who can't authenticate due to invalid credentials. These are much different things.
In 0.5.0 you could do:
@login_manager.user_loaderdefload_user(uid):
user=user_model.query.get(uid)
ifnotuser.is_active():
login_manager.login_message='This account has been disabled.'returnNonereturnuser
And then if an inactive user tried to login they would receive a custom flash message. This lets them know they have an account but they've been disabled.
With 0.6.0 this code path doesn't seem to execute because the user gets blocked before they would be loaded so you end up with whatever message you would send to the user when their authentication failed. This is a regression in behavior.
I thought a potential workaround in 0.6.0 would have been to add this to my user model (the default in 0.5.0):
defis_authenticated(self):
returnTrue
But this had no effect. I'm still not able to execute the user loader that would have presented a custom flash message.
How can we get the old behavior back where end users of this library can handle inactive users after they've been authenticated?
The text was updated successfully, but these errors were encountered:
Version 0.6.0 has:
Based on the comments in the above issues, the case for doing this was to prevent inactive users from logging in but an inactive user is not the same as a user who can't authenticate due to invalid credentials. These are much different things.
In 0.5.0 you could do:
And then if an inactive user tried to login they would receive a custom flash message. This lets them know they have an account but they've been disabled.
With 0.6.0 this code path doesn't seem to execute because the user gets blocked before they would be loaded so you end up with whatever message you would send to the user when their authentication failed. This is a regression in behavior.
I thought a potential workaround in 0.6.0 would have been to add this to my user model (the default in 0.5.0):
But this had no effect. I'm still not able to execute the user loader that would have presented a custom flash message.
How can we get the old behavior back where end users of this library can handle inactive users after they've been authenticated?
The text was updated successfully, but these errors were encountered: