Opened 10 years ago

Closed 10 years ago

#23896 closed New feature (wontfix)

set_password delegation to auth backend

Reported by: Roman Owned by: nobody
Component: contrib.auth Version: 1.7
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Roman)

Recently I've implemented LDAP auth backend by myself and was confused by not being able to add change_password/set_password functionality without adding custom User model. Actually I think it is very common to delegate password validation to some external service, like LDAP, SMTP, HTTP, etc. while keeping User model as is. Also, providing custom user model will force all applications to reference settings.AUTH_USER_MODEL which is definitely correct, but forcing to do even correct thing does not look nice for me.

So, the thing I want to discuss is support of some special methods on auth backends like

""" user is for User model instance previously returned by this backend's authenticate method """
def set_password(self, user, new_password):
    pass

""" user is for User model instance previously returned by this backend's authenticate method """
def change_password(self, user, old_password, new_password):
    pass

User model to call auth backend methods if defined.

So do I miss anything? Is my proposal correct?

Change History (3)

comment:1 by Roman, 10 years ago

Summary: set_passwordset_password delegation to auth backend

comment:2 by Roman, 10 years ago

Description: modified (diff)

comment:3 by Tim Graham, 10 years ago

Resolution: wontfix
Status: newclosed

When logging in, we iterate through settings.AUTHENTICATION_BACKENDS until we find one that successfully authenticates a user. It's not so clear how a similar scheme for changing passwords might work. Changing the API for User.set_password() to delegate to the auth backend seems complicated and I believe there are other LDAP backends that are working without this change. You might try looking at their code to see if they handle this issue in any way. Any API proposal like this needs to be discussed on the DevelopersMailingList first, so please try there if you still think this is a good idea.

Note: See TracTickets for help on using tickets.
Back to Top