Ticket #2550: ticket2550d.diff

File ticket2550d.diff, 4.9 KB (added by namn, 3 years ago)

ticket2550d.diff

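--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -1,4 +1,4 @@
-from django.core.exceptions import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured, PermissionDenied
 from django.utils.importlib import import_module
 from django.contrib.auth.signals import user_logged_in, user_logged_out
 
@@ -40,6 +40,9 @@ def authenticate(**credentials):
         except TypeError:
             # This backend doesn't accept these credentials as arguments. Try the next one.
             continue
+        except PermissionDenied:
+            # This backend says to stop in our tracks - this user should not be allowed in at all.
+            return None
         if user is None:
             continue
         # Annotate the user object with the path of the backend.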
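Review bot: The new `except PermissionDenied` branch returns `None`, the same value a caller gets when no backend recognises the credentials, so a backend veto leaves nothing that a login view or monitoring could tell apart from a wrong password. If that is intended, the comment should say so, for example `# Veto: stop here and report failure exactly like bad credentials; later backends are not consulted.`; otherwise record the denial (a log entry naming the backend, never the credentials) before `return None`. The veto also only takes effect for a backend ordered ahead of one that accepts, which `test_authenticates` in auth_backends.py confirms, and that ordering requirement deserves a line in the comment as well. `authenticate` starts and ends outside this hunk.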
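--- a/django/contrib/auth/tests/__init__.py
+++ b/django/contrib/auth/tests/__init__.py
@@ -1,6 +1,6 @@
 from django.contrib.auth.tests.auth_backends import (BackendTest,
     RowlevelBackendTest, AnonymousUserBackendTest, NoBackendsTest,
-    InActiveUserBackendTest)
+    InActiveUserBackendTest, PermissionDeniedBackendTest)
 from django.contrib.auth.tests.basic import BasicTestCase
 from django.contrib.auth.tests.context_processors import AuthContextProcessorTests
 from django.contrib.auth.tests.decorators import LoginRequiredTestCase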
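--- a/django/contrib/auth/tests/auth_backends.py
+++ b/django/contrib/auth/tests/auth_backends.py
@@ -3,7 +3,8 @@ from __future__ import unicode_literals
 from django.conf import settings
 from django.contrib.auth.models import User, Group, Permission, AnonymousUser
 from django.contrib.contenttypes.models import ContentType
-from django.core.exceptions import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured, PermissionDenied
+from django.contrib.auth import authenticate
 from django.test import TestCase
 from django.test.utils import override_settings
 
@@ -258,3 +259,37 @@ class InActiveUserBackendTest(TestCase):
     def test_has_module_perms(self):
         self.assertEqual(self.user1.has_module_perms("app1"), False)
         self.assertEqual(self.user1.has_module_perms("app2"), False)
+
+
+class PermissionDeniedBackend(object):
+    """
+    Always raises PermissionDenied.
+    """
+    supports_object_permissions = True
+    supports_anonymous_user = True
+    supports_inactive_user = True
+
+    def authenticate(self, username=None, password=None):
+        raise PermissionDenied
+
+
+class PermissionDeniedBackendTest(TestCase):
+    """
+    Tests that other backends are not checked once a backend raises PermissionDenied
+    """
+    backend = 'django.contrib.auth.tests.auth_backends.PermissionDeniedBackend'
+
+    def setUp(self):
+        self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
+        self.user1.save()
+
+    @override_settings(AUTHENTICATION_BACKENDS=(backend, ) +
+            tuple(settings.AUTHENTICATION_BACKENDS))
+    def test_permission_denied(self):
+        "user is not authenticated after a backend raises permission denied #2550"
+        self.assertEqual(authenticate(username='test', password='test'), None)
+
+    @override_settings(AUTHENTICATION_BACKENDS=tuple(
+            settings.AUTHENTICATION_BACKENDS) + (backend, ))
+    def test_authenticates(self):
+        self.assertEqual(authenticate(username='test', password='test'), self.user1)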
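Review bot: `test_authenticates` has no docstring, yet it is the only place in the patch that records the order dependence: a backend raising `PermissionDenied` that is listed after an accepting backend is never consulted and the user logs in. Give it a docstring matching the sibling test, for example `"user is authenticated when the denying backend is listed after an accepting one; the veto is order-dependent #2550"`. Both `override_settings` decorators read `settings.AUTHENTICATION_BACKENDS` when the class body is executed rather than when the test runs, so the tests presumably assume the default backend list at import time; a short comment above the decorators would make that assumption explicit.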
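--- a/docs/releases/1.5.txt
+++ b/docs/releases/1.5.txt
@@ -111,6 +111,9 @@ Django 1.5 also includes several smaller improvements worth noting:
   argument. By default the batch_size is unlimited except for SQLite where
   single batch is limited so that 999 parameters per query isn't exceeded.
 
+* Authentication backend can raise ``PermissionDenied`` to immediately fail
+  the authentication chain.
+
 Backwards incompatible changes in 1.5
 =====================================
 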
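--- a/docs/topics/auth.txt
+++ b/docs/topics/auth.txt
@@ -1764,6 +1764,12 @@ processing at the first positive match.
     you need to force users to re-authenticate using different methods. A simple
     way to do that is simply to execute ``Session.objects.all().delete()``.
 
+.. versionadded:: 1.4
+
+If a backend raises a :class:`~django.core.exceptions.PermissionDenied`
+exception, authentication will immediately fail. Django won't check the backends that follow.
+
+
 Writing an authentication backend
 ---------------------------------
 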