Context Navigation

← Previous Ticket
Next Ticket →

#12148 closed New feature (fixed)

Don't use invalid backend from the Session to load the user in contrib.auth.get_user

Reported by:	Tamas Szabo	Owned by:	nobody
Component:	contrib.auth	Version:	dev
Severity:	Normal	Keywords:
Cc:	vlastimil.zima@…	Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	yes
Easy pickings:	no	UI/UX:	no

Description

django.contrib.auth saves the backend_path used to authenticate the user in the session.
This works great but when you remove the authorization backend you get an ImproperlyConfigured error.
The error references the old authorization backend so your first instinct is that the problem must be in your settings file.

I've been bitten by this a few times now, sometimes I remember to delete the Sessions manually, other times (like today) I think that my old settings.py must be executed and I go through the pain of deleting directories, redeploying and restarting servers.

I would like to suggest adding a check to the get_user call, that checks if the backend_path saved in the session is still in settings.AUTHORIZATION_BACKENDS.
If it isn't don't try to load it.

Patch for django.contrib.auth.init.py and tests included.

Thanks.

Attachments (2)

auth_get_user_patch.diff (3.5 KB ) - added by Tamas Szabo 15 years ago.
auth_get_user_patch_v2.diff (4.2 KB ) - added by Tamas Szabo 15 years ago.

Download all attachments as: .zip

Change History (9)

by Tamas Szabo, 15 years ago

Attachment:	auth_get_user_patch.diff added

comment:1 by Carl Meyer, 15 years ago

Patch needs improvement:	set
Triage Stage:	Unreviewed → Accepted

Seems sensible. Patch needs updating for trunk (auth backend tests are now in contrib.auth.tests).

by Tamas Szabo, 15 years ago

Attachment:	auth_get_user_patch_v2.diff added

comment:2 by Tamas Szabo, 15 years ago

Added a new version of the patch that moves the tests to contrib/auth/tests/auth_backends.py.
I've also changed the tests to be more similar to the tests already in auth_backends.

comment:3 by Vlastimil Zíma, 14 years ago

Cc:	vlastimil.zima@… added

comment:4 by Matt McClanahan, 14 years ago

Severity:	→ Normal
Type:	→ New feature

comment:5 by Aymeric Augustin, 13 years ago

UI/UX:	unset

Change UI/UX from NULL to False.

comment:6 by Aymeric Augustin, 13 years ago

Easy pickings:	unset

Change Easy pickings from NULL to False.

comment:7 by Tim Graham, 10 years ago

Resolution:	→ fixed
Status:	new → closed

This looks like it has been fixed: https://github.com/django/django/blob/19e6397f82e82438eb3047be0233aa2e555b3a12/django/contrib/auth/__init__.py#L155-L157

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues

Context Navigation

#12148 closed New feature (fixed)

Don't use invalid backend from the Session to load the user in contrib.auth.get_user

Description

Attachments (2)

Change History (9)

by Tamas Szabo, 15 years ago

comment:1 by Carl Meyer, 15 years ago

by Tamas Szabo, 15 years ago

comment:2 by Tamas Szabo, 15 years ago

comment:3 by Vlastimil Zíma, 14 years ago

comment:4 by Matt McClanahan, 14 years ago

comment:5 by Aymeric Augustin, 13 years ago

comment:6 by Aymeric Augustin, 13 years ago

comment:7 by Tim Graham, 10 years ago

Download in other formats:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us