Emit warning log if inactive user trys to authenticate

codingjoe · codingjoe · commit 394259b92504 · 2020-11-12T11:57:25.000+01:00
diff --git a/mailauth/backends.py b/mailauth/backends.py
@@ -32,6 +32,7 @@ def authenticate(self, request, token=None):
         else:
             if self.user_can_authenticate(user):
                 return user
+            logger.warning("User '%s' is not allowed to authenticate.", user, exc_info=True)
 
     @classmethod
     def get_token(cls, user):
diff --git a/tests/test_backends.py b/tests/test_backends.py
@@ -12,6 +12,21 @@ def test_authenticate(self, db, user, settings, signer, signature):
         assert user is not None
         assert user.is_authenticated
 
+    def test_authenticate__user_is_not_active(self, db, caplog, user, settings, signer, signature):
+        settings.LOGIN_URL_TIMEOUT = float("inf")
+        backend = MailAuthBackend()
+        backend.signer = signer
+        user.is_active = False
+        user.save(update_fields=['is_active'], force_update=True)
+        with caplog.at_level(logging.WARNING):
+            user = backend.authenticate(None, token=signature)
+
+        assert user is None
+        assert caplog.records[-1].levelname == "WARNING"
+        assert caplog.records[-1].message == (
+            "User 'spiderman@avengers.com' is not allowed to authenticate."
+        )
+
     def test_authenticate__user_does_not_exist(
         self, db, caplog, settings, signer, signature
     ):
