Only super user gets access

I have an end point to allow a user to log in and a super user can log in no problem but any other user is denied.

Here is the view:

def LoginUser(request, *args, **kwargs):
    email =["email"]
    password =["password"]
    exists = User.objects.filter(email=email)
    if exists:
        user = authenticate(email=email, password=password)
        if user:
            serializer = LoginSerializer(user)
            token, created = Token.objects.get_or_create(user=user)
            return Response(
                {"id":["id"], "Authorization": token.key},
            return Response("Wrong email and/or password", status=HTTP_401_UNAUTHORIZED)
        return Response("Email is not registered, please register")

If I try and log another user in I get a unauthorized error n the console. But then why allow a superuser to login? It’s the same machine, same browser, same window

The user trying to authenticate has is_active=True?

Yes the user is active

it uses a custom backend for authentication here that is:

class EmailBackend(ModelBackend):
    def authenticate(self, request, **kwargs):
        UserModel = get_user_model()
            email = kwargs.get('email', None)
            if email is None:
                email = kwargs.get('username', None)
            user = UserModel.objects.get(email=email)
            if user.check_password(kwargs.get('password', None)):
                return user
        except UserModel.DoesNotExist:
            return None
        return None

Alright, can you show your User model?

Here you go:

class UserManager(BaseUserManager):
    def create_user(self, email, password, username=None, role=None):
        user = self.model(email=self.normalize_email(email))
        return user

    def create_superuser(self, email, password, role, username=None):
        user = self.model(email=self.normalize_email(email))
        user.role = role
        user.is_staff = True 
        user.is_active = True
        user.is_superuser = True
        return user

class User(AbstractBaseUser, PermissionsMixin):
    EM = 'EM'
    SM = 'SM'
    DH = 'DH'
    ST = 'ST'
    US = 'US'
    ROLES = [
        (EM, 'Executive Management'),
        (SM, 'Senior Management'),
        (DH, 'Department Head'),
        (ST, 'Staff Member'),
        (US, 'User'),
    objects = UserManager()
    role = models.CharField(max_length=2, choices=ROLES, default=US, blank=True)
    username = models.CharField(max_length=20, unique=True, blank=True, null=True)
    email = models.EmailField(max_length=255, unique=True)
    slug = models.SlugField(blank=True, null=True)
    is_active = models.BooleanField(default=False)
    is_staff = models.BooleanField(default=False)
    has_profile = models.BooleanField(default=False)
    email_verified_at = models.DateTimeField(auto_now=False, null=True, blank=True)
    code = models.CharField(max_length=8, null=True, blank=True)
    created_at = models.DateTimeField(auto_now_add=True, verbose_name="Created at")
    updated_at = models.DateTimeField(auto_now=True, verbose_name="Updated at")

    class Meta:
        verbose_name = "User"
        verbose_name_plural = "Users"
        ordering = ["username"]
        db_table = "users"

    def get_absolute_url(self):
        return f"{self.slug}"

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['role']

On your settings, do you have only your custom authentication backend?


AUTHENTICATION_BACKENDS = ["users.backends.EmailBackend"]

Have you already ran on a debug session through your EmailBackend?
Since you’re only using this backend to authenticate, even if the user has is_active=False your backend would being authenticating.
If you’re not familiar or comfortable using the debugger, throw some print statements in your EmailBackend, maybe you can figure it out the error with the output

Ok thank you I will do that