#8878 closed (duplicate)
Authentication in the admin should not make any assumptions on valid user names
| Reported by: | jdetaeye | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | dev |
| Severity: | Keywords: | authentication | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When the user authentication with all configured authentication backend fails, the admin application adds some additional checks when the user name contains the character @.
This does't make sense: the admin application can't know what is a valid user name for the backends. For some backends a @ in the user name may well be valid.
Attachments (1)
Change History (3)
by , 16 years ago
| Attachment: | login_message.patch added |
|---|
follow-up: 2 comment:1 by , 16 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
comment:2 by , 16 years ago
Replying to ubernostrum:
Duplicate of #8342 and #7591. In the future, please search for existing tickets before filing a new one.
Sorry about not having searched well enough for an existing ticket.
However, I don't agree with the resolution on the duplicate (and closed) tickets. In this case it is 100% clear that the admin application is doing tasks which are clearly outside it's domain. It violates the design of truely pluggable authentication backends.
The argumentation used to close these tickets is flaky...
simple fix