Sњh`SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SSK J r Jr \"5q"S S \5rg ) )local)get_user_model) ModelBackend) get_adapter) LoginMethod) app_settings)filter_users_by_emailfilter_users_by_usernamec\rSrSrSrSrS\S\4SjrS\S\4SjrS \S\4S jr S r S r \ S 5r \ S5rSrg)AuthenticationBackendc URS5nU(dgSUlUR"U40UD6nUR(dURU5 U$)NpasswordF)get_did_check_password _authenticate_mitigate_timing_attack)selfrequest credentialsrusers XD:\Anime\Ugyen\janka_web_project\venv\Lib\site-packages\allauth/account/auth_backends.py authenticate"AuthenticationBackend.authenticatesO??:.#( !!'9[9''  ( ( 2 c URS5nURS5nU(aV[R[R;aUR XC5nU(aU$UR XC5nU(aU$URS5nU(aUR Xc5nU(aU$URS5nU(aURXs5nU(aU$g)Nrusernameemailphone)rrEMAILr LOGIN_METHODS_authenticate_by_email_authenticate_by_username_authenticate_by_phone)rrrrrrrr s rr#AuthenticationBackend._authenticates??:.??:.   L$>$>> 228FK11(ED ( ..u?D ( ..u?D rr rcU(a"[R[R;ag[ 5nUR U5nUR XB5$N)rPHONEr r"rget_user_by_phone_check_password)rr radapterrs rr%,AuthenticationBackend._authenticate_by_phone9sC ))1K1KK-((/##D33rrc[R[R;d[R(aU(dg[ U5R 5nURX25$r()rUSERNAMEr r"USER_MODEL_USERNAME_FIELDr firstr+)rrrrs rr$/AuthenticationBackend._authenticate_by_username@sI  ! !)C)C C ::'1779##D33rrcU(a"[R[R;ag[ USS9nUHnUR XB5(dMUs $ g)NT)prefer_verified)rr!r r"r r+)rrrusersrs rr#,AuthenticationBackend._authenticate_by_emailJsN  ))1K1KK%eTBD##D33 rc@[5"5RU5 gr()r set_password)rrs rr-AuthenticationBackend._mitigate_timing_attackWs''1rcU(dgSUlURU5nU(a)URU5nU(dURU5 U(aU$S$)NT)rcheck_passworduser_can_authenticate _stash_user)rrroks rr+%AuthenticationBackend._check_passwordZsQ#'   * ++D1B  &t#t#rc>[[SS5nU[lU$)aNow, be aware, the following is quite ugly, let me explain: Even if the user credentials match, the authentication can fail because Django's default ModelBackend calls user_can_authenticate(), which checks `is_active`. Now, earlier versions of allauth did not do this and simply returned the user as authenticated, even in case of `is_active=False`. For allauth scope, this does not pose a problem, as these users are properly redirected to an account inactive page. This does pose a problem when the allauth backend is used in a different context where allauth is not responsible for the login. Then, by not checking on `user_can_authenticate()` users will allow to become authenticated whereas according to Django logic this should not be allowed. In order to preserve the allauth behavior while respecting Django's logic, we stash a user for which the password check succeeded but `user_can_authenticate()` failed. In the allauth authentication logic, we can then unstash this user and proceed pointing the user to the account inactive page. rN)getattr_stashr)clsrrets rr=!AuthenticationBackend._stash_useres0ffd+  rc$URS5$r()r=)rCs runstash_authenticated_user0AuthenticationBackend.unstash_authenticated_userst$$r)rN)__name__ __module__ __qualname____firstlineno__rrstrr%r$r#rr+ classmethodr=rG__static_attributes__rrr r s{<4C4344#44   2 $6%%rr N) threadingrdjango.contrib.authrdjango.contrib.auth.backendsrallauth.account.adapterrallauth.account.app_settingsrr utilsr r rBr rPrrrXs1.5/4B s%Ls%r