Opened 12 years ago
Closed 12 years ago
#19780 closed Bug (fixed)
Discrepancy in modwsgi auth handler
| Reported by: | Aymeric Augustin | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
check_password does:
if not user.is_active:
return None
while groups_for_user does:
try:
if not user.is_active:
return []
except AttributeError as e:
# a custom user may not support is_active
return []
Shouldn't these be rewritten to:
if not getattr(user, 'is_active', True):
return None / return []
Change History (4)
comment:1 by , 12 years ago
comment:4 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
#19061 actually stipulated that is_active is mandatory - but the attribute error catch was not removed from the groups method as it should have been in 2b5f848207b1dab35afd6f63d0107629c76d4d9a.
Thanks Aymeric for the catch.
Note:
See TracTickets
for help on using tickets.
See #19057, [5f8b97f9fb058e5e02f1f99423fc3b0020ecdeb0] and [2b5f848207b1dab35afd6f63d0107629c76d4d9a].
If I understand well the note added in https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/apache-auth/ the auth handler doesn't support a custom user without
is_active. Then I think it'd better to let theAttributeErrorbe raised up the stack, it will be easier to debug. Preston?