#22771 closed Uncategorized (fixed)
TestCase.client.logout fails when using custom authentication backend not based on AUTH_USER_MODEL
| Reported by: | xafer | Owned by: | nobody |
|---|---|---|---|
| Component: | Testing framework | Version: | 1.6 |
| Severity: | Normal | Keywords: | logout test AUTH_USER_MODEL |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Hello !
I'm not sure if it's a bug or a new feature:
TestCase.client.login calls django.contrib.auth.login(request, user)
which stores the user id and its backend in the request's session:
request.session[SESSION_KEY] = user.pk
request.session[BACKEND_SESSION_KEY] = user.backend
But in TestCase.client.logout calls, Django tries to get the authenticated user with:
uid = self.session.get(SESSION_KEY)
request.user = UserModel._default_manager.get(pk=uid)
assuming user is a AUTH_USER_MODEL and without checking its BACKEND_SESSION_KEY...
It would seem cleaner to actually rly on django.contrib.auth.get_user to find the correct user (whatever its type) and allow the concurrent use of multiple user models (typically user model and customer model...).
See https://github.com/xavfernandez/django_test_client_bugreport for a failing example.
Attachments (2)
Change History (8)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Has patch: | set |
|---|
comment:4 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
To backup the change, using django.contrib.auth.get_user is also what's done by the AuthenticationMiddleware (cf https://github.com/django/django/blob/1.6.5/django/contrib/auth/middleware.py#L18)