Opened 6 years ago

Last modified 6 years ago

#26988 closed Cleanup/optimization

User is_authenticated callable property confusing if used with "is False" — at Initial Version

Reported by: Mark Tranchant Owned by: nobody
Component: contrib.auth Version: 1.10
Severity: Release blocker Keywords: user is_authenticated property test
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Just upgraded to 1.10, converted all is_authenticated() methods into is_authenticated properties as per the Release Notes and a test in my test suite failed.

It turns out I was checking for a logged in user with if request.user.is_authenticated is False: , but the is_authenticated property is actually a CallableBool() so is not False under any circumstances.

Checking this property only gives logical results with direct if user.is_authenticated or if not user.is_authenticated . This is very misleading and non-intuitive behaviour and should be fixed or strongly called out in the documentation. Example:

In [1]: from django.contrib.auth.models import AnonymousUser, AbstractBaseUser

In [2]: a = AnonymousUser()

In [3]: b = AbstractBaseUser()

In [4]: a.is_authenticated
Out[4]: CallableBool(False)

In [5]: b.is_authenticated
Out[5]: CallableBool(True)

In [6]: a.is_authenticated is False
Out[6]: False

In [7]: a.is_authenticated == False
Out[7]: False

In [8]: not a.is_authenticated
Out[8]: True

In [9]: not b.is_authenticated
Out[9]: False

In [10]: b.is_authenticated == False
Out[10]: False

In [11]: b.is_authenticated == True
Out[11]: False

Change History (0)

Note: See TracTickets for help on using tickets.
Back to Top