Custom backend get_user function is assumed to search by primary key
|Reported by:||elliot.smith91@…||Owned by:||nobody|
|Severity:||Normal||Keywords:||session, auth, custom|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The get_user method takes a user_id – which could be a username, database ID or whatever – and returns a User object.
However when using a custom authentication source and functions such as login_required the session would call get_user when needed passing the user primary key (as stored in the session).
As such, either the UserProfile should have a get_identifying_token function which replaces the primary key in the session's _auth_user_id field or the documentation should note that primary key is required when using the session middleware.