Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#19743 closed Cleanup/optimization (fixed)

Document limitations of django.contrib.auth

Reported by: Aymeric Augustin Owned by: nobody
Component: Documentation Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

django.contrib.auth aims to be very generic and doesn't provide some features commonly found in web authentication systems:

  • password strength checking: requirements depend very much on the context.
  • throttling of login attempts: possible with a custom auth backend, for example https://github.com/brutasse/django-ratelimit-backend (I haven't audited that code)
  • external auth providers: possible with a custom auth backend, there are several third-party apps providing this feature.

The documentation should point out that these features aren't implemented to raise awareness.

Attachments (1)

19743.diff (704 bytes) - added by Tim Graham 4 years ago.

Download all attachments as: .zip

Change History (6)

Changed 4 years ago by Tim Graham

Attachment: 19743.diff added

comment:1 Changed 4 years ago by Tim Graham

Has patch: set
Triage Stage: UnreviewedAccepted

comment:2 Changed 4 years ago by Aymeric Augustin

Triage Stage: AcceptedReady for checkin

Typo: "implmented". Otherwise that looks good!

comment:3 Changed 4 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: newclosed

In afa3e1633431137f4e76c7efc359b579f4d9c08e:

Fixed #19743 - Documented some limitations of contrib.auth.

Thanks Aymeric for the suggestion.

comment:4 Changed 4 years ago by Tim Graham <timograham@…>

In 3b952123ac29f66371f5c51a00026faf7cb945c1:

[1.5.x] Fixed #19743 - Documented some limitations of contrib.auth.

Thanks Aymeric for the suggestion.

Backport of afa3e16334 from master

comment:5 Changed 4 years ago by Tim Graham <timograham@…>

In 3b952123ac29f66371f5c51a00026faf7cb945c1:

[1.5.x] Fixed #19743 - Documented some limitations of contrib.auth.

Thanks Aymeric for the suggestion.

Backport of afa3e16334 from master

Note: See TracTickets for help on using tickets.
Back to Top