Opened 21 months ago
Last modified 21 months ago
#34408 closed Bug
Authorization in Custom Authentication Backend does not work — at Initial Version
| Reported by: | Vivek Kumar Singh | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 4.1 |
| Severity: | Normal | Keywords: | authentication, authorization |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
I was experimenting with has_perm and user_can_authenticate functions in my custom authentication backend when I found out these function aren't even executing during the Authentication process. I tries putting print statements but there was no output in the log screen. I also tried using example suggested in Django Documentation (https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#handling-authorization-in-custom-backends) but it still didn't work.
Here is my code:
backends.py
`
class EmailBackend(BaseBackend):
def authenticate(self, request, username=None, password=None):
try:
user = User.objects.get(email=username)
if user.check_password(password):
return user
return None
except User.DoesNotExist:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
def has_perm(self, user_obj, perm, obj=None):
print("hello")
return True
`
and logs
`
[12/Mar/2023 00:01:05] "GET /login HTTP/1.1" 200 861
[12/Mar/2023 00:01:16] "POST /login HTTP/1.1" 302 0
[12/Mar/2023 00:01:16] "GET / HTTP/1.1" 200 370
`
as you can see there was no output saying "hello".
please explain what is the use of has_perm and other authorization functions in django anyway.