I've raised this as a bug: http://code.djangoproject.com/ticket/10901
Regards, Tamas On Apr 20, 4:20 pm, Tamas Szabo <szab...@gmail.com> wrote: > Hi, > > The function authenticate in django/contrib/auth/__init__.py reads: > > 31 def authenticate(**credentials): > 32 """ > 33 If the given credentials are valid, return a User object. > 34 """ > 35 for backend in get_backends(): > 36 try: > 37 user = backend.authenticate(**credentials) > 38 except TypeError: > 39 # This backend doesn't accept these credentials as > arguments. Try the next one. > 40 continue > 41 if user is None: > 42 continue > 43 # Annotate the user object with the path of the backend. > 44 user.backend = "%s.%s" % (backend.__module__, > backend.__class__.__name__) > 45 return user > > As you can see the code catches and silently ignores all TypeError exceptions: > The problems with this approach are: > - Why not fail as early as possible if one of the authentication > backends configured in settings.py has a wrong signature? If nothing > else at least a warning should be logged IMHO. > - The bigger is that the code silently catches all TypeError > exceptions. If the signature is correct, but the custom backend > authenticator somewhere has abugand a TypeError is raised as a > result, the exception will be hidden away. TypeError is a common > exception, so I don't think that catching and ignoring it in code that > others will write is a good idea. > > I intended to raise this as abug, but first I wanted to make sure > that others would consider it abugtoo. > > Cheers, > > Tamas --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
