On Fri, Mar 30, 2012 at 10:39 AM, Stratos Moros wrote:
> You can read the proposal nicely formatted here:
> https://gist.github.com/8dd9fb27127b44d4e789

Hi Stratos

It's a long proposal, so this is a brain dump of bits that I find interesting/worrisome.

I'm sure you've followed the recent threads on the topic. The (wildly) different solutions garnered from those long threads are all listed on this wiki page:

https://code.djangoproject.com/wiki/ContribAuthImprovements

I don't think this proposal ties in with any of them? Your proposal involves multiple user models, whilst none of them do.

Login:

Where have auth backends gone in your plan? Why do user objects have a login method? Login should be distinct from user objects, otherwise login is coupled to a user object, and you cannot log in to the same user using different authentication techniques.

It is common these days to provide multiple ways of authenticating to your users. If I authenticate by smartcard, user/password, Facebook auth, SAML federation, or a "remember me" signed auth cookie, I should still get the same user object. The choice of authentication is irrelevant. More to the point, it should be *my* choice. Forcing authentication into the user model removes that choice, or requires us to have N user models per user, one per auth method.

Authentication mixins:

This goes to the above point; if I have to mix in an authentication class to my user object (adding the required login() + other methods), it means I can only have one authentication mechanism for a particular user model.

Deprecating user profiles:

The purpose of user profiles is to provide a place for a pluggable app to store its own information about a user. Adding a pluggable app should not mean having to add fields to your user model, but with no user profiles, that's what is suggested.

Once you have a significant number of pluggable apps, you could have a User model with a crazy number of fields - I can envisage scenarios where you have over 100 fields. This makes doing anything with the user model slower.
Furthermore, storage for each field is now required for every user, whilst with a pluggable profile, it would only exist if the user utilizes that app.

Cheers

Tom
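
The separation argued for in the message above, as an added standalone sketch in plain Python (not Django's code and not part of the proposal or the thread): the user object carries identity only, and interchangeable backends each verify one kind of credential and resolve to the same user. All names (`User`, `PasswordBackend`, `SignedCookieBackend`, `sign_cookie`, `authenticate`) and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # constructed; load from secret storage in practice
SALT = b"constructed-salt"        # constructed; use a per-user random salt in practice

@dataclass(frozen=True)
class User:
    """Identity only: no login() method and no credential logic."""
    id: int
    username: str

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def sign_cookie(user_id):
    """Issue a 'remember me' value of the form '<id>:<hex HMAC-SHA256>'."""
    mac = hmac.new(SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return f"{user_id}:{mac}"

USERS = {1: User(1, "tom")}                    # constructed sample data
PASSWORDS = {"tom": (1, _pw_hash("s3cret"))}   # username -> (user id, hash)

class PasswordBackend:
    def authenticate(self, username=None, password=None, **_):
        user_id, stored = PASSWORDS.get(username, (None, None))
        if stored is None or password is None:
            return None
        ok = hmac.compare_digest(_pw_hash(password), stored)
        return USERS[user_id] if ok else None

class SignedCookieBackend:
    def authenticate(self, cookie=None, **_):
        user_id, sep, _mac = (cookie or "").partition(":")
        # Recompute the whole cookie for the claimed id; compare in constant time.
        expected = sign_cookie(user_id).encode()
        if not sep or not hmac.compare_digest(expected, cookie.encode()):
            return None
        return USERS.get(int(user_id)) if user_id.isdecimal() else None

BACKENDS = [PasswordBackend(), SignedCookieBackend()]

def authenticate(**credentials):
    """Try each backend in turn; every method resolves to the same User object."""
    for backend in BACKENDS:
        user = backend.authenticate(**credentials)
        if user is not None:
            return user
    return None
```

Adding a third method here means appending one backend to `BACKENDS`; the `User` class and every caller that holds a `User` stay unchanged.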
