Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#20675 closed Bug (fixed)

`ModelBackend.authenticate` raises an assertion error when no password is specified.

Reported by: Simon Charette Owned by: Simon Charette
Component: contrib.auth Version: dev
Severity: Release blocker Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The regression was introduced by 2c4fe761a0e2b28e2c5c3b4bc506ee06824a443d to allow blank passwords (#20593).

Prior to this change authenticate returned None when no password was specified.

Note that this affect version 1.6-beta-1 and master but I'm not sure this should be considered a release blocker.

I'm reporting because one of my testcases failed and I thought this change might have other side effects. We should at least raise a ValueError with a description instead of a non-intuitive assertion error.

I'll write tests and a fix if this gets accepted in order to backport it.

Change History (6)

comment:1 by Baptiste Mispelon, 11 years ago

Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted

It's perfectly valid not to pass a password kwarg to authenticate, so I think this is a bug.

As you noted, prior to the commit, authenticate would just move on to the next backend in the list, eventually returning None if no matching user was found.

Now, the ModelBackend raises an AssertionError and breaks the chain, rendering non-password-based backends unusable.

Consequently, I think it's a release blocker.

comment:2 by Simon Charette, 11 years ago

Status: newassigned

I'll give this patch a try.

comment:3 by Simon Charette, 11 years ago

Has patch: set

Created a pull request.

comment:4 by Tim Graham, 11 years ago

Triage Stage: AcceptedReady for checkin

comment:5 by Simon Charette <charette.s@…>, 11 years ago

Resolution: fixed
Status: assignedclosed

In 8759778185d0539bf9c11e3fda497a9486b9acab:

Fixed #20675 -- check_password should work when no password is specified.

The regression was introduced by 2c4fe761a. refs #20593.

comment:6 by Simon Charette <charette.s@…>, 11 years ago

In 2de0d4c4523ca3d1d6744ba0f22b8ef33bedfa03:

[1.6.x] Fixed #20675 -- check_password should work when no password is specified.

The regression was introduced by 2c4fe761a. refs #20593.

Backport of 8759778185 from master.

Note: See TracTickets for help on using tickets.
Back to Top