#19337 closed Bug (duplicate)

Authentication backend iteration should not rely on TypeError for detection

Reported by: rubyruy
Owned by: nobody
Component: contrib.auth
Version: master
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

This line here is the problem area. Basically it means that if at any point during the authentication process a TypeError is raised (which is not exactly unlikely), Django will simply eat that error, attempt to authenticate, mysteriously fail to do so and then give the exasperated developer few clues as to why authentication didn't actually happen despite the lack of log messages or exceptions claiming otherwise.

Relying on such generic exceptions for what basically amounts to flow control (in essence all we're trying to do here is allow the backend to signal to Django that it doesn't support these credentials) is, IMHO, asking for trouble.

Why can't we simply rely on returning None (as is already the case) or perhaps an explicit value or exception?

Yes, this would be a backwards incompatible change, but it can be stretched over several releases and warned against using deprecation messages as with other such changes.

Change History (1)

comment:1 Changed 20 months ago by claudep

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

Yes, this is a valid concern, but it is already reported in #18171.
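The masking behaviour described in this ticket, reproduced as an added example (not Django's code and not part of the ticket). The backend classes and both loop functions are hypothetical; the second loop shows one possible way to separate "backend does not accept these credentials" from a TypeError raised inside the backend, by checking the call signature before calling.

```python
import inspect

class TokenBackend:
    """Hypothetical backend that only accepts a `token` keyword."""
    def authenticate(self, token=None):
        return "token-user" if token == "valid" else None

class BuggyPasswordBackend:
    """Hypothetical backend with a constructed bug: len(None) raises TypeError."""
    def authenticate(self, username=None, password=None):
        salt = None  # constructed bug: should have been a string
        if len(salt) + len(password) > 0:
            return username
        return None

def authenticate_swallowing(backends, **credentials):
    """The pattern the ticket describes: TypeError used for flow control."""
    for backend in backends:
        try:
            user = backend.authenticate(**credentials)
        except TypeError:
            continue  # also hides TypeErrors raised inside the backend
        if user is not None:
            return user
    return None

def authenticate_checked(backends, **credentials):
    """Check the signature first, so only a real mismatch skips a backend."""
    for backend in backends:
        try:
            inspect.signature(backend.authenticate).bind(**credentials)
        except TypeError:
            continue  # backend does not accept these credentials
        user = backend.authenticate(**credentials)  # internal errors propagate
        if user is not None:
            return user
    return None

if __name__ == "__main__":
    backends = [TokenBackend(), BuggyPasswordBackend()]
    # Silent failure: the backend bug is indistinguishable from bad credentials.
    print(authenticate_swallowing(backends, username="alice", password="pw"))
    # Same input, but the backend's own TypeError now surfaces with a traceback.
    authenticate_checked(backends, username="alice", password="pw")
```
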
