Opened 8 years ago
Closed 8 years ago
#27542 closed Cleanup/optimization (fixed)
Client.force_login() shouldn't use authentication backends without a get_user() method
Reported by: | Tom Forbes | Owned by: | nobody |
---|---|---|---|
Component: | Testing framework | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | django@…, desecho@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
In the current code if no backend
is passed to the TestClient.force_login it simply uses the first one:
https://github.com/django/django/blob/master/django/test/client.py#L635
I think this could be improved. Libraries like django-rules
are implemented as an authentication backend but don't implement a get_user
method. This leads to confusing errors, as described in this ticket: https://github.com/dfunckt/django-rules/issues/46
Perhaps rather than doing backend = settings.AUTHENTICATION_BACKENDS[0]
it could filter out backends that don't implement a get_user
method, or follow the usual chain of authentication backends (i.e skipping ones that return None)?
Change History (4)
comment:1 by , 8 years ago
Summary: | Testclients force_login should be smarter about which authentication backend is used → Client.force_login() shouldn't use authentication backends without a get_user() method |
---|---|
Triage Stage: | Unreviewed → Accepted |
Type: | New feature → Cleanup/optimization |
comment:2 by , 8 years ago
Cc: | added |
---|
comment:3 by , 8 years ago
Cc: | added |
---|---|
Has patch: | set |
Version: | 1.10 → master |
Added PR.