Opened 6 years ago

Closed 6 years ago

#27542 closed Cleanup/optimization (fixed)

Client.force_login() shouldn't use authentication backends without a get_user() method

Reported by: Tom Forbes Owned by: nobody
Component: Testing framework Version: dev
Severity: Normal Keywords:
Cc: django@…, desecho@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

In the current code if no backend is passed to the TestClient.force_login it simply uses the first one:

https://github.com/django/django/blob/master/django/test/client.py#L635

I think this could be improved. Libraries like django-rules are implemented as an authentication backend but don't implement a get_user method. This leads to confusing errors, as described in this ticket: https://github.com/dfunckt/django-rules/issues/46

Perhaps rather than doing backend = settings.AUTHENTICATION_BACKENDS[0] it could filter out backends that don't implement a get_user method, or follow the usual chain of authentication backends (i.e skipping ones that return None)?

Change History (4)

comment:1 Changed 6 years ago by Tim Graham

Summary: Testclients force_login should be smarter about which authentication backend is usedClient.force_login() shouldn't use authentication backends without a get_user() method
Triage Stage: UnreviewedAccepted
Type: New featureCleanup/optimization

comment:2 Changed 6 years ago by Daniel Hahler

Cc: django@… added

comment:3 Changed 6 years ago by Anton Samarchyan

Cc: desecho@… added
Has patch: set
Version: 1.10master

Added PR.

comment:4 Changed 6 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: newclosed

In 47744a0a:

Fixed #27542 -- Made Client.force_login() skip auth backends without get_user().

Note: See TracTickets for help on using tickets.
Back to Top