diff --git a/apps/accounts/tests/test_login.py b/apps/accounts/tests/test_login.py index f655bff17..350df500f 100644 --- a/apps/accounts/tests/test_login.py +++ b/apps/accounts/tests/test_login.py @@ -64,3 +64,12 @@ def test_logout(self): response = self.client.get(reverse('mylogout'), follow=True) self.assertEqual(response.status_code, 200) self.assertContains(response, 'Login') + + def test_valid_login_email(self): + """ + Valid User can login using their email address + """ + form_data = {'username': 'fred@example.com', 'password': 'bedrocks'} + response = self.client.post(self.url, form_data, follow=True) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'Logout') diff --git a/apps/accounts/views/mfa.py b/apps/accounts/views/mfa.py index d5ea7ef8f..acf96e3ce 100644 --- a/apps/accounts/views/mfa.py +++ b/apps/accounts/views/mfa.py @@ -3,6 +3,7 @@ from django.http import HttpResponseRedirect from django.urls import reverse from django.contrib.auth import authenticate, login +from django.contrib.auth.models import User from django.contrib import messages from django.utils.translation import ugettext_lazy as _ from ..models import UserProfile, MFACode @@ -15,6 +16,7 @@ from django.views.decorators.cache import never_cache from axes.decorators import axes_dispatch + logger = logging.getLogger('hhs_oauth_server.accounts') failed_login_log = logging.getLogger('unsuccessful_logins') @@ -88,6 +90,17 @@ def mfa_login(request): if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password'] + + # If username doesn't exist, try username matching email address. + try: + User.objects.get(username__iexact=username) + except User.DoesNotExist: + try: + check_user = User.objects.get(email__iexact=username) + username = check_user.username + except User.DoesNotExist: + pass + user = authenticate(request=request, username=username.lower(), password=password) if user is not None:
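Review bot: `test_valid_login_email` pins only the success case for the new email lookup, so nothing in this hunk shows that a failed email login is still rejected. A companion test posting `{'username': 'fred@example.com', 'password': 'wrong'}` and asserting the response does not reach the logged-in page would cover that, together with a case-variant address such as `FRED@example.com`, since the view matches with `email__iexact`. `self.url` and the fixture user are set outside the hunk, so confirm that the URL resolves to the view changed in `apps/accounts/views/mfa.py` and that fred's stored email is `fred@example.com`.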
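Review bot: The fallback added to `mfa_login` calls `User.objects.get(email__iexact=username)` and handles only `User.DoesNotExist`. The stock `django.contrib.auth.models.User` imported here does not enforce unique email addresses, so two accounts sharing an address would raise `User.MultipleObjectsReturned` and turn the login POST into a server error. Catching both, `except (User.DoesNotExist, User.MultipleObjectsReturned): pass`, lets that case fall through to the normal failed-authentication path. The first lookup is only an existence test and reads more clearly as `if not User.objects.filter(username__iexact=username).exists():`, which also cannot raise on case-variant duplicate usernames. The file imports `axes_dispatch`; if it guards this view, confirm that failures submitted by email and by username count against the same lockout record (the body of `mfa_login` starts and ends outside the hunk).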