Home/ Questions/Q 8869013
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T17:23:10+00:00

I am writing a custom authentication backend (and a custom user model) to check

  • 0

I am writing a custom authentication backend (and a custom user model) to check if a user account is locked or expired. I see that in all the examples of authentication backend return value is either a User object or None. And the only exception generated is User.DoesNotExist.

My question is how should I go about returning different results (e.g. account is locked or expired or max number of login attempts have reached)?

Should I raise custom exceptions or there is another way to do this?

I am using Django 1.5alpha.

EDIT:
I need to get multiple statuses to display appropriate message to a user and redirect to an appropriate view.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I ended up doing this in case anyone has the same question. 

    class UserNotActivatedError(Exception):
    pass

class UserLockedError(Exception):
    def __init__(self, remaining_mins):
        self.remaining_mins = remaining_mins

# backend
def authenticate(self, email=None, password=None):
    if email is None or password is None:
        return None
    try:
        user = ExtUser.objects.get(email=email)
        user.last_login_attempt_at = timezone.now()
        if not use.is_active:
            raise UserNotActivatedError
        if user.is_locked:
            # Check when it was locked and found the duration
            sec_to_go = user.get_remaining_locktime()
            if sec_to_go:
                raise UserLockedError(sec_to_go)
        if user.check_password(password):
            user.last_login_at = timezone.now() 
            return user
        else:
            return None
    except User.DoesNotExist:
        return None

    Then in the login form you can catch these errors and pass on appropriate validation errors to the view.

    • 0