From 51cd8b3ba384e5622124f18510df47d5ff1564fc Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Tue, 21 Apr 2020 22:29:52 +0200
Subject: [PATCH 2/4] backends: prevent access by inactive users

---
 src/authentic2/backends/models_backend.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git src/authentic2/backends/models_backend.py src/authentic2/backends/models_backend.py
index aeeb58e6..dacd0eec 100644
--- src/authentic2/backends/models_backend.py
+++ src/authentic2/backends/models_backend.py
@@ -90,6 +90,8 @@ class ModelBackend(ModelBackend):
             user = UserModel._default_manager.get(pk=user_id)
         except UserModel.DoesNotExist:
             return None
+        if not user.is_active:
+            return None
         if user.deleted:
             return None
         return user
-- 
2.26.0