Currently with django's default auth.authenticate method, it will return None if the credentials are correct, but user.is_active is false.
This means that users who have correctly entered their credentials but haven't verified their account/email will receive the same error message as users who have incorrectly entered their credentials.
I am looking to provide users with an error message for an edge case when they've entered the correct credentials, but haven't activated their account via email verification and thus user.is_active=False.
My question is how do I implement this safely and efficiently?
views.py:
...
from django.contrib.auth import authenticate
class LoginView(View):
def get(self, request):
return render(request, 'accounts/login.html')
def post(self, request):
username = request.POST['username']
password = request.POST['password']
if username and password:
user = auth.authenticate(username=username, password=password)
if user:
if user.is_active:
auth.login(request, user)
return redirect('accounts:home')
else:
uidb64 = Base64.get_uidb64(user)
message = format_html("Please check your email for a verification link, or <a href='{}'>click here to request a new one.</a>", reverse('accounts:verify', kwargs={'uidb64':uidb64}))
messages.error(request, message)
else:
messages.error(request, 'Invalid account credentials. Please try again.')
return render(request, 'accounts/login.html')
return render(request, 'accounts/login.html')