add configuration for user authentication (#279)

t-io · Andrew-Chen-Wang · web-flow · commit 1b053bfe4db5 · 2020-08-21T08:53:24.000-04:00
* add configuration for user authentication.

* Isort lint

Co-authored-by: Andrew Chen Wang &lt;60190294+Andrew-Chen-Wang@users.noreply.github.com&gt;
diff --git a/rest_framework_simplejwt/authentication.py b/rest_framework_simplejwt/authentication.py
@@ -129,3 +129,14 @@ def get_user(self, validated_token):
             raise InvalidToken(_('Token contained no recognizable user identification'))
 
         return api_settings.TOKEN_USER_CLASS(validated_token)
+
+
+def default_user_authentication_rule(user):
+    # Prior to Django 1.10, inactive users could be authenticated with the
+    # default `ModelBackend`.  As of Django 1.10, the `ModelBackend`
+    # prevents inactive users from authenticating.  App designers can still
+    # allow inactive users to authenticate by opting for the new
+    # `AllowAllUsersModelBackend`.  However, we explicitly prevent inactive
+    # users from authenticating to enforce a reasonable policy and provide
+    # sensible backwards compatibility with older Django versions.
+    return True if user is not None and user.is_active else False
diff --git a/rest_framework_simplejwt/serializers.py b/rest_framework_simplejwt/serializers.py
@@ -1,3 +1,5 @@
+import importlib
+
 from django.contrib.auth import authenticate
 from django.utils.translation import gettext_lazy as _
 from rest_framework import exceptions, serializers
@@ -6,6 +8,9 @@
 from .state import User
 from .tokens import RefreshToken, SlidingToken, UntypedToken
 
+rule_package, user_eligible_for_login = api_settings.USER_AUTHENTICATION_RULE.rsplit('.', 1)
+login_rule = importlib.import_module(rule_package)
+
 
 class PasswordField(serializers.CharField):
     def __init__(self, *args, **kwargs):
@@ -42,14 +47,7 @@ def validate(self, attrs):
 
         self.user = authenticate(**authenticate_kwargs)
 
-        # Prior to Django 1.10, inactive users could be authenticated with the
-        # default `ModelBackend`.  As of Django 1.10, the `ModelBackend`
-        # prevents inactive users from authenticating.  App designers can still
-        # allow inactive users to authenticate by opting for the new
-        # `AllowAllUsersModelBackend`.  However, we explicitly prevent inactive
-        # users from authenticating to enforce a reasonable policy and provide
-        # sensible backwards compatibility with older Django versions.
-        if self.user is None or not self.user.is_active:
+        if not getattr(login_rule, user_eligible_for_login)(self.user):
             raise exceptions.AuthenticationFailed(
                 self.error_messages['no_active_account'],
                 'no_active_account',
diff --git a/rest_framework_simplejwt/settings.py b/rest_framework_simplejwt/settings.py
@@ -24,6 +24,7 @@
     'AUTH_HEADER_TYPES': ('Bearer',),
     'USER_ID_FIELD': 'id',
     'USER_ID_CLAIM': 'user_id',
+    'USER_AUTHENTICATION_RULE': 'rest_framework_simplejwt.authentication.default_user_authentication_rule',
 
     'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
     'TOKEN_TYPE_CLAIM': 'token_type',
