Opened 7 years ago

Closed 2 years ago

#12148 closed New feature (fixed)

Don't use invalid backend from the Session to load the user in contrib.auth.get_user

Reported by: sztamas Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: vlastimil.zima@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no


django.contrib.auth saves the backend_path used to authenticate the user in the session.
This works great but when you remove the authorization backend you get an ImproperlyConfigured error.
The error references the old authorization backend so your first instinct is that the problem must be in your settings file.

I've been bitten by this a few times now, sometimes I remember to delete the Sessions manually, other times (like today) I think that my old must be executed and I go through the pain of deleting directories, redeploying and restarting servers.

I would like to suggest adding a check to the get_user call, that checks if the backend_path saved in the session is still in settings.AUTHORIZATION_BACKENDS.
If it isn't don't try to load it.

Patch for and tests included.


Attachments (2)

auth_get_user_patch.diff (3.5 KB) - added by sztamas 7 years ago.
auth_get_user_patch_v2.diff (4.2 KB) - added by sztamas 7 years ago.

Download all attachments as: .zip

Change History (9)

Changed 7 years ago by sztamas

comment:1 Changed 7 years ago by carljm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement set
  • Triage Stage changed from Unreviewed to Accepted

Seems sensible. Patch needs updating for trunk (auth backend tests are now in contrib.auth.tests).

Changed 7 years ago by sztamas

comment:2 Changed 7 years ago by sztamas

Added a new version of the patch that moves the tests to contrib/auth/tests/
I've also changed the tests to be more similar to the tests already in auth_backends.

comment:3 Changed 5 years ago by vzima

  • Cc vlastimil.zima@… added

comment:4 Changed 5 years ago by mattmcc

  • Severity set to Normal
  • Type set to New feature

comment:5 Changed 5 years ago by aaugustin

  • UI/UX unset

Change UI/UX from NULL to False.

comment:6 Changed 5 years ago by aaugustin

  • Easy pickings unset

Change Easy pickings from NULL to False.

comment:7 Changed 2 years ago by timgraham

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.
Back to Top