Code

Ticket #2550: patch.diff

File patch.diff, 3.3 KB (added by aashu_dwivedi, 3 years ago)

the implementation along with test cases submitted by aashu_dwivedi

Line 
1Index: django/contrib/auth/__init__.py
2===================================================================
3--- django/contrib/auth/__init__.py     (revision 15659)
4+++ django/contrib/auth/__init__.py     (working copy)
5@@ -1,6 +1,6 @@
6 import datetime
7 from warnings import warn
8-from django.core.exceptions import ImproperlyConfigured
9+from django.core.exceptions import ImproperlyConfigured,PermissionDenied
10 from django.utils.importlib import import_module
11 from django.contrib.auth.signals import user_logged_in, user_logged_out
12 
13@@ -56,6 +56,9 @@
14         except TypeError:
15             # This backend doesn't accept these credentials as arguments. Try the next one.
16             continue
17+       except PermissionDenied:
18+           # This backend says to stop in our tracks - this user should not be allowed in at all.
19+           return None
20         if user is None:
21             continue
22         # Annotate the user object with the path of the backend.
23Index: django/contrib/auth/tests/auth_backends.py
24===================================================================
25--- django/contrib/auth/tests/auth_backends.py  (revision 15659)
26+++ django/contrib/auth/tests/auth_backends.py  (working copy)
27@@ -354,3 +354,36 @@
28         self.assertEqual(self.user1.has_module_perms("app1"), False)
29         self.assertEqual(self.user1.has_module_perms("app2"), False)
30 
31+class PermissionDeniedBackend(object):
32+    """
33+    always raises PermissionDenied
34+    """
35+    supports_object_permissions = False
36+    supports_anonymous_user = False
37+
38+    def authenticate(self,username=None,password=None):
39+        raise PermissionDenied
40
41+class PermissionDeniedBackendTest(TestCase):
42+    """
43+    Tests that other backends are not checked once a backend raises PermissionDenied
44+    """
45+    backend = 'django.contrib.auth.tests.auth_backends.PermissionDeniedBackend'
46+
47+    def setUp(self):
48+        self.curr_auth = settings.AUTHENTICATION_BACKENDS
49+        self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
50+        self.user1.save()
51+
52+    def tearDown(self):
53+        settings.AUTHENTICATION_BACKENDS = self.curr_auth
54+
55+    def test_permission_denied(self):
56+       "user is not authenticated after a backend raises permission denied #2550"
57+       settings.AUTHENTICATION_BACKENDS = (self.backend,)+tuple(self.curr_auth)
58+        self.assertEqual(authenticate(username='test',password='test'), None)
59+
60+    def test_authenticates(self):
61+       settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
62+        self.assertEqual(authenticate(username='test',password='test'),self.user1)
63+
64Index: django/contrib/auth/tests/__init__.py
65===================================================================
66--- django/contrib/auth/tests/__init__.py       (revision 15659)
67+++ django/contrib/auth/tests/__init__.py       (working copy)
68@@ -1,6 +1,6 @@
69 from django.contrib.auth.tests.auth_backends import (BackendTest,
70     RowlevelBackendTest, AnonymousUserBackendTest, NoAnonymousUserBackendTest,
71-    NoBackendsTest, InActiveUserBackendTest, NoInActiveUserBackendTest)
72+    NoBackendsTest, InActiveUserBackendTest, NoInActiveUserBackendTest,PermissionDeniedBackendTest)
73 from django.contrib.auth.tests.basic import BasicTestCase
74 from django.contrib.auth.tests.decorators import LoginRequiredTestCase
75 from django.contrib.auth.tests.forms import (UserCreationFormTest,