#2656 closed defect (invalid)
After creating a new user with create_user, calling login is failed
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Core (Other) | Version: | |
Severity: | normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I see that login() should be called after authenticate(), but because I created a new user using create_user(), so I think I don't need invoke authenticate() at all. Need I *MUST* call authenticate(), after I create_user() a new user, in order to login() the new user?
Change History (6)
comment:1 by , 18 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 18 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
I know that. But what I mean is since I can create a user successfully, so it's implied that the user is a valid user, and should not need to authenticate again, just call login() is enought. So I think the create_user should automaticly authenticate the new user.
comment:3 by , 18 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
I don't think that was the question -- if I'm understanding correctly, he's asking what the proper step is to log a user in automatically after creating the user's account. In which case he probably does want to call login
instead of authenticate
-- authenticate
does not log the user in, it simply returns the object corresponding to the user's account if the supplied credentials are correct.
Regardless, this is an issue to be explored on the mailing list, not here in a ticket, so I'm closing it.
comment:4 by , 18 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
This is a definately a bug, this also intereferes with functionality that allows one user to login as another, for instance for administrative access or automaticaly loged role users, etc, like 'su' in the shell, the login function should able to work with out without the authenticate function, leave that up to the application developer.
comment:5 by , 18 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
I think you're misunderstanding the names of the functions. login
does not display a login form, or ask for credentials. authenticate
does. The purpose of the login
function is to persist the user's identifying information in their session so they won't have to authenticate again and again and again. Therefore, any sort of "switch user" functionality must rely on authenticate
.
Closing again.
comment:6 by , 18 years ago
And just to clarify in an utterly pedantic way, based on double-checking the code:
login
takes two arguments: theHttpRequest
and aUser
object, and updates the session corresponding to the request with info about the user. That's it.authenticate
takes a set of credentials (using the default built-in auth backend, this is a username/password pair) and sees if they correspond to a validUser
object, then returns thatUser
object.
In other words, any su
-style functionality has to be built around authenticate
, and that's not a bug -- authenticate
is, well, how you authenticate people. If you want to do a password-less-style switch the way su
works on Unix when you're root, you can supply a custom auth backend which supports that.
Yes, you MUST call authenticate, as authenticate actually logs in the user and sets up the login cookie, etc. While creating a user does not log them in (and should NOT as its a model operation only). These are two VERY different operations.