Fixed #24987 -- Allowed inactive users to login with the test client.

docs/releases/1.10.txt

@@ -678,6 +678,10 @@ Miscellaneous
   :class:`~django.contrib.auth.backends.AllowAllUsersRemoteUserBackend`
   in :setting:`AUTHENTICATION_BACKENDS` instead.
 
+* In light of the previous change, the test client's
+  :meth:`~django.test.Client.login()` method no longer always rejects inactive
+  users but instead delegates this decision to the authentication backend.
+
 .. _deprecated-features-1.10:
 
 Features deprecated in 1.10

docs/topics/testing/tools.txt

@@ -334,13 +334,6 @@ Use the ``django.test.Client`` class to make requests.
         ``login()`` method to simulate the effect of a user logging into the
         site.
 
-        Inactive users (:attr:`is_active=False
-        <django.contrib.auth.models.User.is_active>`) are not permitted to
-        login as this method is meant to be equivalent to the
-        :func:`~django.contrib.auth.login` view which uses
-        :class:`~django.contrib.auth.forms.AuthenticationForm` and therefore
-        defaults to rejecting users who are inactive.
-
         After you call this method, the test client will have all the cookies
         and session data required to pass any login-based tests that may form
         part of a view.
@@ -378,6 +371,12 @@ Use the ``django.test.Client`` class to make requests.
         :meth:`~django.contrib.auth.models.UserManager.create_user` helper
         method to create a new user with a correctly hashed password.
 
+        .. versionchanged:: 1.10
+
+            In previous versions, inactive users (:attr:`is_active=False
+            <django.contrib.auth.models.User.is_active>`) were not permitted
+            to login.
+
     .. method:: Client.force_login(user, backend=None)
 
         .. versionadded:: 1.9