id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 10901,auth.contrib silently catching TypeError,anonymous,nobody,"The function authenticate in django/contrib/auth/__init__.py reads: {{{ 31 def authenticate(**credentials): 32 """""" 33 If the given credentials are valid, return a User object. 34 """""" 35 for backend in get_backends(): 36 try: 37 user = backend.authenticate(**credentials) 38 except TypeError: 39 # This backend doesn't accept these credentials as arguments. Try the next one. 40 continue 41 if user is None: 42 continue 43 # Annotate the user object with the path of the backend. 44 user.backend = ""%s.%s"" % (backend.__module__, backend.__class__.__name__) 45 return user }}} As you can see the code catches and silently ignores all TypeError exceptions: The problems with this approach are: - Why not fail as early as possible if one of the authentication backends configured in settings.py has a wrong signature? If nothing else at least a warning should be logged IMHO. - The bigger problem is that the code silently catches all TypeError exceptions. If the signature is correct, but the custom backend authenticator somewhere has a bug and a TypeError is raised as a result, the exception will be hidden away. TypeError is a common exception, so I don't think that catching and ignoring it in code that others will write is a good idea. ",,closed,contrib.auth,1.0,,invalid,,szabtam@… humitos@…,Unreviewed,0,0,0,0,0,0