Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#8878 closed (duplicate)

Authentication in the admin should not make any assumptions on valid user names

Reported by: jdetaeye Owned by: nobody
Component: contrib.admin Version: master
Severity: Keywords: authentication
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


When the user authentication with all configured authentication backend fails, the admin application adds some additional checks when the user name contains the character @.

This does't make sense: the admin application can't know what is a valid user name for the backends. For some backends a @ in the user name may well be valid.

Attachments (1)

login_message.patch (1.3 KB) - added by jdetaeye 8 years ago.
simple fix

Download all attachments as: .zip

Change History (3)

Changed 8 years ago by jdetaeye

Attachment: login_message.patch added

simple fix

comment:1 Changed 8 years ago by James Bennett

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Resolution: duplicate
Status: newclosed

Duplicate of #8342 and #7591. In the future, please search for existing tickets before filing a new one.

comment:2 in reply to:  1 Changed 8 years ago by jdetaeye

Replying to ubernostrum:

Duplicate of #8342 and #7591. In the future, please search for existing tickets before filing a new one.

Sorry about not having searched well enough for an existing ticket.

However, I don't agree with the resolution on the duplicate (and closed) tickets. In this case it is 100% clear that the admin application is doing tasks which are clearly outside it's domain. It violates the design of truely pluggable authentication backends.
The argumentation used to close these tickets is flaky...

Note: See TracTickets for help on using tickets.
Back to Top