contrib.auth.handlers.modwsgi fails for some backends
|Reported by:||graham4django||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In contrib.auth.handlers.modwsgi authentication is implemented with a check_password function, which in turn is based on "user.check_password". However, this forces a check of the given password against the password stored in the database.
For some backends like, e.g. django_auth_ldap, no usable password is stored in the database. Thus, this check will fail.
Therefore the function should be implemented using a call to "authenticate", which will correctly verify the given password against the different authentication backends.
Change History (4)
comment:1 Changed 2 years ago by claudep
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted