#20675 closed Bug (fixed)
`ModelBackend.authenticate` raises an assertion error when no password is specified.
| Reported by: | Simon Charette | Owned by: | Simon Charette |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Release blocker | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The regression was introduced by 2c4fe761a0e2b28e2c5c3b4bc506ee06824a443d to allow blank passwords (#20593).
Prior to this change authenticate returned None when no password was specified.
Note that this affect version 1.6-beta-1 and master but I'm not sure this should be considered a release blocker.
I'm reporting because one of my testcases failed and I thought this change might have other side effects. We should at least raise a ValueError with a description instead of a non-intuitive assertion error.
I'll write tests and a fix if this gets accepted in order to backport it.
Change History (6)
comment:1 by , 11 years ago
| Severity: | Normal → Release blocker |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:4 by , 11 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
comment:5 by , 11 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
It's perfectly valid not to pass a
passwordkwarg toauthenticate, so I think this is a bug.As you noted, prior to the commit,
authenticatewould just move on to the next backend in the list, eventually returningNoneif no matching user was found.Now, the
ModelBackendraises anAssertionErrorand breaks the chain, rendering non-password-based backends unusable.Consequently, I think it's a release blocker.