Misago auth backend

misago/conf/defaults.py

@@ -134,9 +134,13 @@ TIME_ZONE = 'UTC'
 CSRF_FAILURE_VIEW = 'misago.core.errorpages.csrf_failure'
 
 
-# Use Misago user model
+# Use Misago authentication
 AUTH_USER_MODEL = 'users.User'
 
+AUTHENTICATION_BACKENDS = (
+    'misago.users.authbackends.MisagoBackend',
+)
+
 
 # How many e-mails should be sent in single step.
 # This is used for conserving memory usage when mailing many users at same time

misago/users/authbackends.py

@@ -0,0 +1,19 @@
+from django.contrib.auth import get_user_model
+from django.contrib.auth.backends import ModelBackend
+
+
+class MisagoBackend(ModelBackend):
+    def authenticate(self, username=None, password=None, **kwargs):
+        UserModel = get_user_model()
+
+        if username is None:
+            username = kwargs.get(UserModel.USERNAME_FIELD)
+
+        try:
+            user = UserModel.objects.get_by_username_or_email(username)
+            if user.check_password(password):
+                return user
+        except UserModel.DoesNotExist:
+            # Run the default password hasher once to reduce the timing
+            # difference between an existing and a non-existing user (#20760).
+            UserModel().set_password(password)