id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
10378	authenticate() method should not continue on built-in or generic exceptions	Ben Davis	nobody	"from django.contrib.auth,  in authenticate():
{{{
    for backend in get_backends():
        try:
            user = backend.authenticate(**credentials)
        except TypeError:
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue
        if user is None:
            continue
}}}

The authenticate method makes an assumption about the meaning of a !TypeError,  being that ""this backend doesn't accept these credentials as arguments"". It ''should'' use a custom exception type where the meaning is more specific, such as !AuthInvalidCredentials or something.

The reasoning behind this is that when creating your own authentication backend,  it's possible to do some things that unexpectedly raise a more generic exception, such as !TypeError.  This can produce some very unexpected results, as this will cause your backend to be ""skipped"" when it shouldn't have been.  

Granted,  I could work around this by catching !TypeError within the backend,  but the backend developer shouldn't have to know that he/she needs to do that.  Plus, the developer would have to go through some hoops to actually see the exception that was caught (eg, extracting traceback info from sys.exc_info())"	Bug	closed	contrib.auth	1.0	Normal	wontfix	authenticate TypeError		Design decision needed	0	0	0	0	0	0