Opened 12 years ago
Closed 12 years ago
#19780 closed Bug (fixed)
Discrepancy in modwsgi auth handler
Reported by: | Aymeric Augustin | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
check_password
does:
if not user.is_active: return None
while groups_for_user
does:
try: if not user.is_active: return [] except AttributeError as e: # a custom user may not support is_active return []
Shouldn't these be rewritten to:
if not getattr(user, 'is_active', True): return None / return []
Change History (4)
comment:1 by , 12 years ago
comment:4 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
#19061 actually stipulated that is_active is mandatory - but the attribute error catch was not removed from the groups method as it should have been in 2b5f848207b1dab35afd6f63d0107629c76d4d9a.
Thanks Aymeric for the catch.
Note:
See TracTickets
for help on using tickets.
See #19057, [5f8b97f9fb058e5e02f1f99423fc3b0020ecdeb0] and [2b5f848207b1dab35afd6f63d0107629c76d4d9a].
If I understand well the note added in https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/apache-auth/ the auth handler doesn't support a custom user without
is_active
. Then I think it'd better to let theAttributeError
be raised up the stack, it will be easier to debug. Preston?