id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
19337	Authentication backend iteration should not rely on TypeError for detection	Ruy Asan	nobody	"[https://github.com/django/django/blob/1.5a1/django/contrib/auth/__init__.py#L60 This line here] is the problem area. Basically it means that if at any point during the authentication process a TypeError is raised (which is not exactly unlikely) django will simply eat that error, attempt to authenticate, mysteriously fail to to do so and then give the exasperated developer few clues  as to why authentication didn't actually happen despite the lack of log messages or exceptions claiming otherwise.

Relying on such generic exceptions for what basically amounts to flow control (in essence all we're trying to do here is allow the backend to signal to django that it doesn't support these credentials) is, IMHO, asking for trouble.

Why can't we simply rely on returning None (as is already the case) or perhaps an explicit value or exception? 

Yes this would be a backwards incompatible change but it can be stretched over several releases and warned against using deprecation messages as with other such changes."	Bug	closed	contrib.auth	dev	Normal	duplicate			Unreviewed	0	0	0	0	0	0