TypeErrors pass silently inside of authentication backends `authenticate()`
|Reported by:||Owned by:||Renato Oliveira|
|Cc:||charette.s@…, jeffhui||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
TypeErrors pass silently when raised inside of an authentication backend's
authenticate method. This can make debugging a backend tricky.
A simple example:
class MyBackend(object): def authenticate(self, username, password): for item in None: # Raises a TypeError, which passes silently! print "You'll never get here!"
TypeErrors to check whether the backend has been called with the correct signature, there may not be an easy solution for this, but some options would include:
/takes (?:exactly \d+|no) arguments?/and re-raise or
logger.exception()if it doesn't match. This would significantly narrow down the cases where the wrong exception would silently pass. (A simpler, quicker check of
"argument" in e.messagewould also work)
- Document this behavior, recommending that backends should handle their own TypeErrors in https://docs.djangoproject.com/en/1.4/topics/auth/#writing-an-authentication-backend