id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
10901	auth.contrib silently catching TypeError	anonymous	nobody	"The function authenticate in django/contrib/auth/__init__.py reads:


{{{
def authenticate(**credentials):
    """"""
    If the given credentials are valid, return a User object.
    """"""
    for backend in get_backends():
        try:
            user = backend.authenticate(**credentials)
        except TypeError:
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = ""%s.%s"" % (backend.__module__, backend.__class__.__name__)
        return user
}}}

As you can see, the code catches and silently ignores all TypeError exceptions.
The problems with this approach are:
    - Why not fail as early as possible if one of the authentication backends configured in settings.py has a wrong signature? If nothing else, at least a warning should be logged IMHO.
    - The bigger problem is that the code silently catches all TypeError exceptions. If the signature is correct, but the custom backend authenticator somewhere has a bug and a TypeError is raised as a result, the exception will be hidden away. TypeError is a common exception, so I don't think that catching and ignoring it in code that others will write is a good idea.
"		closed	contrib.auth	1.0		invalid		szabtam@… humitos@…	Unreviewed	0	0	0	0	0	0

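The two cases the ticket describes can be told apart by checking the call signature before the call instead of catching TypeError around it. The sketch below is an added example, not code from the ticket or from Django; the explicit `backends` parameter, the logger name and the three sample backend classes are assumptions made for illustration.

```python
import inspect
import logging

logger = logging.getLogger("auth.example")  # hypothetical logger name


def authenticate(backends, **credentials):
    """Return the first user a backend accepts, without hiding backend bugs."""
    for backend in backends:
        try:
            # Bind the credentials to the signature only; nothing is called yet.
            inspect.signature(backend.authenticate).bind(**credentials)
        except TypeError:
            # Signature mismatch: log credential names (never values) and skip.
            logger.warning("%s does not accept credentials %s; skipping",
                           type(backend).__name__, sorted(credentials))
            continue
        # A TypeError raised from here on is a bug inside the backend and
        # propagates to the caller instead of being swallowed.
        user = backend.authenticate(**credentials)
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = "%s.%s" % (backend.__module__, type(backend).__name__)
        return user
    return None


# Constructed sample backends (hypothetical, for illustration only).
class User:
    def __init__(self, name):
        self.name = name


class TokenBackend:
    def authenticate(self, token=None):
        return User("token-user") if token == "t0k3n" else None


class PasswordBackend:
    def authenticate(self, username=None, password=None):
        return User(username) if password == "correct" else None


class BuggyBackend:
    def authenticate(self, username=None, password=None):
        return len(None)  # internal bug: raises TypeError
```

With username/password credentials, `TokenBackend` is skipped with a warning, `PasswordBackend` is called, and the TypeError inside `BuggyBackend` surfaces to the caller.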