id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15671	hasattr in RemoteUserMiddleware hides true errors and exceptions	Matt McDonald		"The !RemoteUserMiddleware hides true errors and exceptions that may occur when fetching Session and User data from the db backend.  This occurs because the middleware first performs a test to ensure that contrib.auth.middleware.!AuthenticationMiddleware has been installed by calling:

{{{
if not hasattr(request, 'user'):
    raise ImproperlyConfigured(...)
}}}

However, hasattr dangerously catches all exceptions that occur during the call, which hides any of the multitude of problems that could occur when the !LazyUser attribute attempts to fetch the real User instance from the database.

I've proposed a patch which instead uses a try/except on !AttributeError to perform the same logic, while letting other exceptions correctly bubble up."	Bug	closed	contrib.auth	dev	Normal	fixed		Matt McDonald	Ready for checkin	1	0	0	0	0	0