Opened 7 years ago
Closed 7 years ago
#27542 closed Cleanup/optimization (fixed)
Client.force_login() shouldn't use authentication backends without a get_user() method
| Reported by: | Tom Forbes | Owned by: | nobody |
|---|---|---|---|
| Component: | Testing framework | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | django@…, desecho@… | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In the current code if no backend is passed to the TestClient.force_login it simply uses the first one:
https://github.com/django/django/blob/master/django/test/client.py#L635
I think this could be improved. Libraries like django-rules are implemented as an authentication backend but don't implement a get_user method. This leads to confusing errors, as described in this ticket: https://github.com/dfunckt/django-rules/issues/46
Perhaps rather than doing backend = settings.AUTHENTICATION_BACKENDS[0] it could filter out backends that don't implement a get_user method, or follow the usual chain of authentication backends (i.e skipping ones that return None)?
Change History (4)
comment:1 by , 7 years ago
| Summary: | Testclients force_login should be smarter about which authentication backend is used → Client.force_login() shouldn't use authentication backends without a get_user() method |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | New feature → Cleanup/optimization |
comment:2 by , 7 years ago
| Cc: | added |
|---|
comment:3 by , 7 years ago
| Cc: | added |
|---|---|
| Has patch: | set |
| Version: | 1.10 → master |
Note:
See TracTickets
for help on using tickets.
Added PR.