id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23925	django.contrib.auth.authenticate sets the wrong backend path	sdeprez	sdeprez	"The `django.contrib.auth.authenticate` function currently tries to authenticate a user by checking each backend in `settings.AUTHENTICATION_BACKENDS`, and when it has found one that works, it annotates the user by adding a `path` attribute that is the path of the backend (as a Python object). However the path is computed based on the `__class__` attribute of the backend object, which give the ""real"" path of the object, and NOT based on the path given by `settings.AUTHENTICATION_BACKENDS`. 

This is problematic beacause they may differ, and thus the later check `if backend_path in settings.AUTHENTICATION_BACKENDS` in `django.contrib.auth.get_user` can fail whereas it should not.

Steps to reproduce the bug :
- create a custom backend in some module : `my_app.my_module_backend.CustomBackend`

- create another module that imports this module. For instance, it's common practice to import it in the `__init__.py` file of the package. So, in `my_app/__init__.py` put `from my_app import CustomBackend`.

- Set `AUTHENTICATION_BACKENDS = my_app.CustomBackend`

- Run django, create an user and try to login. Everything will go fine (no errors), except that you WON'T be logged, because of `django.contrib.auth.get_user` that will return an AnonymousUser. This can be very painful to track and this can even lead to infinite loops if your `LOGIN_REDIRECT_URL` is an url that requires login, because the session key will be set but an `AnonymousUser` is returned.

A pull request is linked which addresses the issue by setting the actual path used in `AUTHENTICATION_BACKENDS` in the user, without any changes to the working public API. All the tests passed under SQLite.
"	Bug	assigned	contrib.auth	1.7	Normal			sdeprez	Unreviewed	0	0	0	0	0	0