Admin should allow for configurable login handling support
|Reported by:||Matt McDonald||Owned by:||nobody|
|Cc:||Matt McDonald||Triage Stage:||Unreviewed|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In its current implementation, the contrib.admin application attempts to handle user authentication by displaying a login form for any request where the user does not have permission to view (either because they are unauthenticated, or their user account fails the is_active and is_staff test).
In cases where authentication is being handled by an external system (e.g., Apache .htaccess or Google Accounts auth on App Engine), it can be confusing for users to see this login form when their account does not have permission to access the admin, as in some cases, the credentials they use might not correspond to what is stored in the Django auth table.
I'd like to propose a configuration knob to allow the choice for whether the admin app attempts to perform user authentication at all, and instead just relies on all users to be pre-authenticated.
Change History (5)
comment:1 Changed 6 years ago by
|Summary:||Admin should allow for configurable support login handling → Admin should allow for configurable login handling support|