Emit warning log if inactive user trys to authenticate

.fussyfox.yml

@@ -1,4 +1,5 @@
 - bandit
+- black
 - flake8
 - isort
 - pydocstyle

.github/workflows/ci.yml

@@ -6,6 +6,7 @@ jobs:
     steps:
       - uses: actions/setup-python@v2
       - uses: actions/checkout@v2
+      - run: python -m pip install --upgrade pip setuptools wheel
       - run: python -m pip install -r requirements.txt
       - run: python setup.py develop
       - run: python setup.py build_sphinx -W

docs/conf.py

@@ -6,30 +6,32 @@
 from pkg_resources import get_distribution
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "tests.testapp.settings")
-sys.path.insert(0, os.path.abspath('..'))
+sys.path.insert(0, os.path.abspath(".."))
 django.setup()
 
 project = "Django Mail Auth"
 copyright = "2019, Johannes Hoppe"
-release = get_distribution('django-mail-auth').version
-version = '.'.join(release.split('.')[:2])
+release = get_distribution("django-mail-auth").version
+version = ".".join(release.split(".")[:2])
 
-master_doc = 'index'
+master_doc = "index"
 
 extensions = [
-    'sphinx.ext.autodoc',
-    'sphinx.ext.napoleon',
-    'sphinx.ext.intersphinx',
-    'sphinx.ext.doctest',
+    "sphinx.ext.autodoc",
+    "sphinx.ext.napoleon",
+    "sphinx.ext.intersphinx",
+    "sphinx.ext.doctest",
 ]
 
 intersphinx_mapping = {
-    'python': ('https://docs.python.org/3', None),
-    'django': ('https://docs.djangoproject.com/en/stable/',
-               'https://docs.djangoproject.com/en/stable/_objects/'),
+    "python": ("https://docs.python.org/3", None),
+    "django": (
+        "https://docs.djangoproject.com/en/stable/",
+        "https://docs.djangoproject.com/en/stable/_objects/",
+    ),
 }
 
 
 autodoc_default_options = {
-    'show-inheritance': True,
+    "show-inheritance": True,
 }

mailauth/backends.py

@@ -15,8 +15,8 @@ class MailAuthBackend(ModelBackend):
     signer = signing.UserSigner()
 
     def authenticate(self, request, token=None):
-        max_age = getattr(settings, 'LOGIN_URL_TIMEOUT', 60 * 15)
-        single_use = getattr(settings, 'LOGIN_TOKEN_SINGLE_USE', True)
+        max_age = getattr(settings, "LOGIN_URL_TIMEOUT", 60 * 15)
+        single_use = getattr(settings, "LOGIN_TOKEN_SINGLE_USE", True)
 
         try:
             user = self.signer.unsign(token, max_age=max_age, single_use=single_use)
@@ -32,14 +32,16 @@ def authenticate(self, request, token=None):
         else:
             if self.user_can_authenticate(user):
                 return user
+            logger.warning(
+                "User '%s' is not allowed to authenticate.",
+                user,
+                exc_info=True,
+            )
 
     @classmethod
     def get_token(cls, user):
         return cls.signer.sign(user)
 
     @staticmethod
     def get_login_url(token):
-        return reverse(
-            'mailauth:login-token',
-            kwargs={'token': token}
-        )
+        return reverse("mailauth:login-token", kwargs={"token": token})

mailauth/contrib/admin/__init__.py

@@ -1 +1 @@
-default_app_config = 'mailauth.contrib.admin.apps.MailAuthAdmin'
+default_app_config = "mailauth.contrib.admin.apps.MailAuthAdmin"

mailauth/contrib/admin/apps.py

@@ -2,5 +2,5 @@
 
 
 class MailAuthAdmin(AppConfig):
-    name = 'mailauth.contrib.admin'
-    label = 'mailauth_admin'
+    name = "mailauth.contrib.admin"
+    label = "mailauth_admin"

mailauth/contrib/admin/views.py

@@ -6,20 +6,24 @@
 
 
 class AdminLoginView(LoginView):
-    template_name = 'mailauth_admin/login.html'
+    template_name = "mailauth_admin/login.html"
     site = None
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-        context.update({
-            **self.site.each_context(self.request),
-            'title': _('Log in'),
-            'app_path': self.request.get_full_path(),
-            'username': self.request.user.get_username(),
-        })
-        if (REDIRECT_FIELD_NAME not in self.request.GET and
-                REDIRECT_FIELD_NAME not in self.request.POST):
+        context.update(
+            {
+                **self.site.each_context(self.request),
+                "title": _("Log in"),
+                "app_path": self.request.get_full_path(),
+                "username": self.request.user.get_username(),
+            }
+        )
+        if (
+            REDIRECT_FIELD_NAME not in self.request.GET
+            and REDIRECT_FIELD_NAME not in self.request.POST
+        ):
             context[REDIRECT_FIELD_NAME] = reverse(
-                'admin:index', current_app=self.site.name
+                "admin:index", current_app=self.site.name
             )
         return context

mailauth/contrib/user/__init__.py

@@ -1 +1 @@
-default_app_config = 'mailauth.contrib.user.apps.AuthConfig'
+default_app_config = "mailauth.contrib.user.apps.AuthConfig"

mailauth/contrib/user/admin.py

@@ -6,22 +6,29 @@
 
 @admin.register(models.EmailUser)
 class EmailUserAdmin(admin.ModelAdmin):
-    app_label = 'asdf'
-    list_display = ('email', 'first_name', 'last_name', 'is_staff')
-    list_filter = ('is_staff', 'is_superuser', 'is_active', 'groups')
-    search_fields = ('first_name', 'last_name', 'email')
-    ordering = ('email',)
-    filter_horizontal = ('groups', 'user_permissions',)
+    app_label = "asdf"
+    list_display = ("email", "first_name", "last_name", "is_staff")
+    list_filter = ("is_staff", "is_superuser", "is_active", "groups")
+    search_fields = ("first_name", "last_name", "email")
+    ordering = ("email",)
+    filter_horizontal = (
+        "groups",
+        "user_permissions",
+    )
 
     fieldsets = (
-        (None, {
-            'fields': (('email', 'is_active'), ('first_name', 'last_name'))
-        }),
-        (Group._meta.verbose_name_plural, {
-            'fields': ('groups',),
-        }),
-        (Permission._meta.verbose_name_plural, {
-            'classes': ('collapse',),
-            'fields': (('is_staff', 'is_superuser'), 'user_permissions'),
-        }),
+        (None, {"fields": (("email", "is_active"), ("first_name", "last_name"))}),
+        (
+            Group._meta.verbose_name_plural,
+            {
+                "fields": ("groups",),
+            },
+        ),
+        (
+            Permission._meta.verbose_name_plural,
+            {
+                "classes": ("collapse",),
+                "fields": (("is_staff", "is_superuser"), "user_permissions"),
+            },
+        ),
     )

mailauth/contrib/user/apps.py

@@ -2,5 +2,5 @@
 
 
 class AuthConfig(AppConfig):
-    name = 'mailauth.contrib.user'
-    label = 'mailauth_user'
+    name = "mailauth.contrib.user"
+    label = "mailauth_user"

mailauth/contrib/user/migrations/0001_initial.py

@@ -11,33 +11,110 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('auth', '0006_require_contenttypes_0002'),
+        ("auth", "0006_require_contenttypes_0002"),
     ]
 
     operations = [
         migrations.CreateModel(
-            name='EmailUser',
+            name="EmailUser",
             fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
-                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
-                ('first_name', models.CharField(blank=True, max_length=30, verbose_name='first name')),
-                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
-                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
-                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
-                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
-                ('email', models.EmailField(db_index=True, max_length=254, unique=True, verbose_name='email address')),
-                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.Group', verbose_name='groups')),
-                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.Permission', verbose_name='user permissions')),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "last_login",
+                    models.DateTimeField(
+                        blank=True, null=True, verbose_name="last login"
+                    ),
+                ),
+                (
+                    "is_superuser",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates that this user has all permissions without explicitly assigning them.",
+                        verbose_name="superuser status",
+                    ),
+                ),
+                (
+                    "first_name",
+                    models.CharField(
+                        blank=True, max_length=30, verbose_name="first name"
+                    ),
+                ),
+                (
+                    "last_name",
+                    models.CharField(
+                        blank=True, max_length=150, verbose_name="last name"
+                    ),
+                ),
+                (
+                    "is_staff",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates whether the user can log into this admin site.",
+                        verbose_name="staff status",
+                    ),
+                ),
+                (
+                    "is_active",
+                    models.BooleanField(
+                        default=True,
+                        help_text="Designates whether this user should be treated as active. Unselect this instead of deleting accounts.",
+                        verbose_name="active",
+                    ),
+                ),
+                (
+                    "date_joined",
+                    models.DateTimeField(
+                        default=django.utils.timezone.now, verbose_name="date joined"
+                    ),
+                ),
+                (
+                    "email",
+                    models.EmailField(
+                        db_index=True,
+                        max_length=254,
+                        unique=True,
+                        verbose_name="email address",
+                    ),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="The groups this user belongs to. A user will get all permissions granted to each of their groups.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.Group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "user_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this user.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.Permission",
+                        verbose_name="user permissions",
+                    ),
+                ),
             ],
             options={
-                'verbose_name': 'user',
-                'verbose_name_plural': 'users',
-                'abstract': False,
-                'swappable': 'AUTH_USER_MODEL',
+                "verbose_name": "user",
+                "verbose_name_plural": "users",
+                "abstract": False,
+                "swappable": "AUTH_USER_MODEL",
             },
             managers=[
-                ('objects', mailauth.contrib.user.models.EmailUserManager()),
+                ("objects", mailauth.contrib.user.models.EmailUserManager()),
             ],
         ),
     ]

mailauth/contrib/user/migrations/0002_emailuser_session_salt.py

@@ -8,13 +8,17 @@
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('mailauth_user', '0001_initial'),
+        ("mailauth_user", "0001_initial"),
     ]
 
     operations = [
         migrations.AddField(
-            model_name='emailuser',
-            name='session_salt',
-            field=models.CharField(default=mailauth.contrib.user.models._get_session_salt, editable=False, max_length=12),
+            model_name="emailuser",
+            name="session_salt",
+            field=models.CharField(
+                default=mailauth.contrib.user.models._get_session_salt,
+                editable=False,
+                max_length=12,
+            ),
         ),
     ]

mailauth/contrib/user/migrations/0003_ci_unique_index.py

@@ -12,28 +12,25 @@ def _operations():
     if CIEmailField:
         yield CITextExtension()
         yield migrations.AlterField(
-            model_name='emailuser',
-            name='email',
+            model_name="emailuser",
+            name="email",
             field=CIEmailField(
-                db_index=True, max_length=254, unique=True, verbose_name='email address'
+                db_index=True, max_length=254, unique=True, verbose_name="email address"
             ),
         )
     else:
         yield migrations.RunSQL(
             sql=(
-                'CREATE UNIQUE INDEX mailauth_user_emailuser_email_upper_idx'
+                "CREATE UNIQUE INDEX mailauth_user_emailuser_email_upper_idx"
                 ' ON mailauth_user_emailuser (UPPER("email"));',
-            )
-            ,
-            reverse_sql=(
-                'DROP INDEX mailauth_user_emailuser_email_upper_idx;',
-            )
+            ),
+            reverse_sql=("DROP INDEX mailauth_user_emailuser_email_upper_idx;",),
         )
 
 
 class Migration(migrations.Migration):
     dependencies = [
-        ('mailauth_user', '0002_emailuser_session_salt'),
+        ("mailauth_user", "0002_emailuser_session_salt"),
     ]
 
     operations = list(_operations())