Fix login validation

CHANGELOG.rst

@@ -5,6 +5,12 @@ Change Log
 This document records all notable changes to djoser.
 This project adheres to `Semantic Versioning <http://semver.org/>`_.
 
+---------------------
+`2.0.3`_ (2019-08-24)
+---------------------
+
+* Fixed login validation
+
 ---------------------
 `2.0.2`_ (2019-08-17)
 ---------------------
@@ -371,3 +377,4 @@ few bugfixes / documentation updates. List of changes:
 .. _2.0.0: https://github.com/sunscrapers/djoser/compare/1.7.0...2.0.0
 .. _2.0.1: https://github.com/sunscrapers/djoser/compare/2.0.0...2.0.1
 .. _2.0.2: https://github.com/sunscrapers/djoser/compare/2.0.1...2.0.2
+.. _2.0.3: https://github.com/sunscrapers/djoser/compare/2.0.2...2.0.3

djoser/__init__.py

@@ -1 +1 @@
-__version__ = "2.0.2"
+__version__ = "2.0.3"

djoser/serializers.py

@@ -1,5 +1,3 @@
-import warnings
-
 from django.contrib.auth import authenticate, get_user_model
 from django.contrib.auth.password_validation import validate_password
 from django.core import exceptions as django_exceptions
@@ -114,13 +112,16 @@ def __init__(self, *args, **kwargs):
         self.fields[settings.LOGIN_FIELD] = serializers.CharField(required=False)
 
     def validate(self, attrs):
-        self.user = authenticate(
-            username=attrs.get(settings.LOGIN_FIELD), password=attrs.get("password")
-        )
-
+        password = attrs.get("password")
+        params = {settings.LOGIN_FIELD: attrs.get(settings.LOGIN_FIELD)}
+        self.user = authenticate(**params, password=password)
         if not self.user:
-            self.fail("invalid_credentials")
-        return attrs
+            self.user = User.objects.filter(**params).first()
+            if self.user and not self.user.check_password(password):
+                self.fail("invalid_credentials")
+        if self.user and self.user.is_active:
+            return attrs
+        self.fail("invalid_credentials")
 
 
 class UserFunctionsMixin:

setup.py

@@ -18,7 +18,7 @@ def get_packages(package):
 
 setup(
     name="djoser",
-    version="2.0.2",
+    version="2.0.3",
     packages=get_packages("djoser"),
     license="MIT",
     author="SUNSCRAPERS",

testproject/testapp/tests/test_token_create.py

@@ -1,5 +1,7 @@
 import django
+from django.conf import settings as django_settings
 from django.contrib.auth import user_logged_in, user_login_failed
+from django.test import override_settings
 from djet import assertions
 from rest_framework import status
 from rest_framework.reverse import reverse
@@ -82,3 +84,18 @@ def test_post_should_not_login_if_empty_request(self):
             response.data["non_field_errors"],
             [settings.CONSTANTS.messages.INVALID_CREDENTIALS_ERROR],
         )
+
+    @override_settings(DJOSER=dict(django_settings.DJOSER, **{"LOGIN_FIELD": "email"}))
+    def test_login_using_email(self):
+        user = create_user()
+        previous_last_login = user.last_login
+        data = {"email": user.email, "password": user.raw_password}
+        user_logged_in.connect(self.signal_receiver)
+
+        response = self.client.post(self.base_url, data)
+        user.refresh_from_db()
+
+        self.assert_status_equal(response, status.HTTP_200_OK)
+        self.assertEqual(response.data["auth_token"], user.auth_token.key)
+        self.assertNotEqual(user.last_login, previous_last_login)
+        self.assertTrue(self.signal_sent)