Fix LDAP auth: user never updated if inactive

netbox/netbox/api/authentication.py

@@ -58,22 +58,24 @@ class TokenAuthentication(authentication.TokenAuthentication):
         if token.is_expired:
             raise exceptions.AuthenticationFailed("Token expired")
 
-        if not token.user.is_active:
+        user = token.user
-            raise exceptions.AuthenticationFailed("User inactive")
-
         # When LDAP authentication is active try to load user data from LDAP directory
         if settings.REMOTE_AUTH_BACKEND == 'netbox.authentication.LDAPBackend':
             from netbox.authentication import LDAPBackend
             ldap_backend = LDAPBackend()
 
             # Load from LDAP if FIND_GROUP_PERMS is active
-            if ldap_backend.settings.FIND_GROUP_PERMS:
+            # Always query LDAP when user is not active, otherwise it is never activated again
-                user = ldap_backend.populate_user(token.user.username)
+            if ldap_backend.settings.FIND_GROUP_PERMS or not token.user.is_active:
+                ldap_user = ldap_backend.populate_user(token.user.username)
                 # If the user is found in the LDAP directory use it, if not fallback to the local user
-                if user:
+                if ldap_user:
-                    return user, token
+                    user = ldap_user
 
-        return token.user, token
+        if not user.is_active:
+            raise exceptions.AuthenticationFailed("User inactive")
+
+        return user, token
 
 
 class TokenPermissions(DjangoObjectPermissions):