Code

Opened 13 months ago

Closed 12 months ago

Last modified 12 months ago

#20675 closed Bug (fixed)

`ModelBackend.authenticate` raises an assertion error when no password is specified.

Reported by: charettes Owned by: charettes
Component: contrib.auth Version: master
Severity: Release blocker Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The regression was introduced by 2c4fe761a0e2b28e2c5c3b4bc506ee06824a443d to allow blank passwords (#20593).

Prior to this change authenticate returned None when no password was specified.

Note that this affect version 1.6-beta-1 and master but I'm not sure this should be considered a release blocker.

I'm reporting because one of my testcases failed and I thought this change might have other side effects. We should at least raise a ValueError with a description instead of a non-intuitive assertion error.

I'll write tests and a fix if this gets accepted in order to backport it.

Attachments (0)

Change History (6)

comment:1 Changed 13 months ago by bmispelon

  • Severity changed from Normal to Release blocker
  • Triage Stage changed from Unreviewed to Accepted

It's perfectly valid not to pass a password kwarg to authenticate, so I think this is a bug.

As you noted, prior to the commit, authenticate would just move on to the next backend in the list, eventually returning None if no matching user was found.

Now, the ModelBackend raises an AssertionError and breaks the chain, rendering non-password-based backends unusable.

Consequently, I think it's a release blocker.

comment:2 Changed 12 months ago by charettes

  • Status changed from new to assigned

I'll give this patch a try.

comment:3 Changed 12 months ago by charettes

  • Has patch set

Created a pull request.

comment:4 Changed 12 months ago by timo

  • Triage Stage changed from Accepted to Ready for checkin

comment:5 Changed 12 months ago by Simon Charette <charette.s@…>

  • Resolution set to fixed
  • Status changed from assigned to closed

In 8759778185d0539bf9c11e3fda497a9486b9acab:

Fixed #20675 -- check_password should work when no password is specified.

The regression was introduced by 2c4fe761a. refs #20593.

comment:6 Changed 12 months ago by Simon Charette <charette.s@…>

In 2de0d4c4523ca3d1d6744ba0f22b8ef33bedfa03:

[1.6.x] Fixed #20675 -- check_password should work when no password is specified.

The regression was introduced by 2c4fe761a. refs #20593.

Backport of 8759778185 from master.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.