#28207 closed Bug (fixed)
contrib.auth.authenticate() doesn't work correctly if multiple auth backends don't accept a position request argument
Reported by: | Tamas Szabo | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 1.11 |
Severity: | Release blocker | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Django 1.11 introduced the new request
positional argument for the authenticate
method.
Unfortunately, it looks like the implementation has a bug. The credentials parameter received by the function can be mutated to adapt the keyword arguments when calling the backend:
https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L92
However, the variable isn't reset at the top of the loop (like args
is) so the following backend(s) will be processed as if request
was in the **credentials
` dictionary.
As a result both
https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L72
and
https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L77
will always fail with type errors, because the request
argument is passed in twice into them.
Change History (8)
comment:1 by , 8 years ago
comment:3 by , 8 years ago
Component: | Core (Management commands) → contrib.auth |
---|---|
Has patch: | set |
Severity: | Normal → Release blocker |
Summary: | Bug in contrib.auth.authenticate → contrib.auth.authenticate() doesn't work correctly if multiple auth backends don't accept a position request argument |
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Bug |
comment:6 by , 8 years ago
This causes a TypeError
with Social Auth's Django app.
See https://github.com/django/django/pull/8533.
Test that fails because of the bug described:
https://github.com/sztamas/django/commit/74cc4d6cce6d83d72392ba5b371e004746e59c66