Hi,

The function authenticate in django/contrib/auth/__init__.py reads:

    def authenticate(**credentials):
        """
        If the given credentials are valid, return a User object.
        """
        for backend in get_backends():
            try:
                user = backend.authenticate(**credentials)
            except TypeError:
                # This backend doesn't accept these credentials as arguments. Try the next one.
                continue
            if user is None:
                continue
            # Annotate the user object with the path of the backend.
            user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
            return user

As you can see, the code catches and silently ignores all TypeError exceptions.
The problems with this approach are:
    - Why not fail as early as possible if one of the authentication
      backends configured in settings.py has a wrong signature? If nothing
      else, at least a warning should be logged IMHO.
    - The bigger problem is that the code silently catches all TypeError
      exceptions. If the signature is correct, but the custom backend
      authenticator somewhere has a bug and a TypeError is raised as a
      result, the exception will be hidden away. TypeError is a common
      exception, so I don't think that catching and ignoring it in code that
      others will write is a good idea.

I intended to raise this as a bug, but first I wanted to make sure
that others would consider it a bug too.


Cheers,

Tamas
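
The masking described in the message above, shown next to a signature check that skips a backend only when the credentials do not fit its parameters. This is an added example, not part of the original message and not Django's code; the backend classes, the sample user and the function names authenticate_swallowing and authenticate_strict are constructed for illustration.

```python
import inspect
import logging

logger = logging.getLogger("auth.example")


class TokenBackend:
    """Constructed backend with a different signature (token only)."""
    def authenticate(self, token=None):
        return None


class BuggyBackend:
    """Constructed backend: signature fits, but a bug raises TypeError."""
    def authenticate(self, username=None, password=None):
        return len(None)  # bug inside the backend


class GoodBackend:
    """Constructed backend that accepts one hard-coded sample user."""
    def authenticate(self, username=None, password=None):
        ok = (username, password) == ("alice", "s3cret")
        return {"username": username} if ok else None


def authenticate_swallowing(backends, **credentials):
    """Same control flow as the quoted function: every TypeError is ignored."""
    for backend in backends:
        try:
            user = backend.authenticate(**credentials)
        except TypeError:
            continue
        if user is not None:
            return user
    return None


def authenticate_strict(backends, **credentials):
    """Skip a backend only when the credentials do not fit its signature."""
    for backend in backends:
        try:
            inspect.signature(backend.authenticate).bind(**credentials)
        except TypeError:
            logger.warning("%s skipped: signature mismatch", type(backend).__name__)
            continue
        user = backend.authenticate(**credentials)  # internal errors propagate
        if user is not None:
            return user
    return None
```

With the first function the bug in BuggyBackend goes unnoticed and the login falls through to the next backend; with the second, the same call raises the TypeError where it occurred.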
