Code

Opened 15 months ago

Closed 15 months ago

Last modified 15 months ago

#19743 closed Cleanup/optimization (fixed)

Document limitations of django.contrib.auth

Reported by: aaugustin Owned by: nobody
Component: Documentation Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

django.contrib.auth aims to be very generic and doesn't provide some features commonly found in web authentication systems:

  • password strength checking: requirements depend very much on the context.
  • throttling of login attempts: possible with a custom auth backend, for example https://github.com/brutasse/django-ratelimit-backend (I haven't audited that code)
  • external auth providers: possible with a custom auth backend, there are several third-party apps providing this feature.

The documentation should point out that these features aren't implemented to raise awareness.

Attachments (1)

19743.diff (704 bytes) - added by timo 15 months ago.

Download all attachments as: .zip

Change History (6)

Changed 15 months ago by timo

comment:1 Changed 15 months ago by timo

  • Has patch set
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 15 months ago by aaugustin

  • Triage Stage changed from Accepted to Ready for checkin

Typo: "implmented". Otherwise that looks good!

comment:3 Changed 15 months ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from new to closed

In afa3e1633431137f4e76c7efc359b579f4d9c08e:

Fixed #19743 - Documented some limitations of contrib.auth.

Thanks Aymeric for the suggestion.

comment:4 Changed 15 months ago by Tim Graham <timograham@…>

In 3b952123ac29f66371f5c51a00026faf7cb945c1:

[1.5.x] Fixed #19743 - Documented some limitations of contrib.auth.

Thanks Aymeric for the suggestion.

Backport of afa3e16334 from master

comment:5 Changed 15 months ago by Tim Graham <timograham@…>

In 3b952123ac29f66371f5c51a00026faf7cb945c1:

[1.5.x] Fixed #19743 - Documented some limitations of contrib.auth.

Thanks Aymeric for the suggestion.

Backport of afa3e16334 from master

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.