#27292 closed Cleanup/optimization (fixed)
Example authentication backend doesn't need to set user's password
| Reported by: | Attila-Mihaly Balazs | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 1.10 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Link: https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#writing-an-authentication-backend
It currently says:
...
# Create a new user. Note that we can set password
# to anything, because it won't be checked; the password
# from settings.py will.
user = User(username=username, password='get from settings.py')
....
A better practice would be to call "set_unusable_password()" on the user object.
Attachments (1)
Change History (5)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
| Has patch: | set |
|---|---|
| Summary: | Improve example code in the "Writing an authentication backend" of the documentation → Example authentication backend doesn't need to set user's password |
| Triage Stage: | Unreviewed → Accepted |
Proposed patch is attached. Let me know if I missed the reason why set_unusable_password() is useful.
by , 8 years ago
| Attachment: | 27292.diff added |
|---|
Note:
See TracTickets
for help on using tickets.
Could you explain that a bit more? It looks to me like
password='get from settings.py'could bepassword=settings.ADMIN_PASSWORD, but I don't understand why setting an unusable password would be desired.