On 4/11/06, Ivan Sagalaev <[EMAIL PROTECTED]> wrote: > > Joseph Kocherhans wrote: > > >The authentication api has been simplified into 5 functions in > >django.contrib.auth.utils > > > >authenticate(request) > >Returns a user if valid credentials were found in the request. > > > >login(request, user) > >Persist a user id and a backend name in the session. This way a user > >doesn't have to reauthenticate on every request. > > > >logout(request) > >Remove the persistent user id and backend name from the session. > > > >authentiate_and_login(request) > >Convenience function to authenticate a request and log a user in. > >Returns the user object, or None if authentication failed. > > > >get_current_user(request) > >This is automatically called by the AuthenticationMiddleware to set > >request.user. Someone may wish to import and call it, but I don't see > >why. > > > > > How do you like the idea of making auth API work with credentials and > not with request? That way it's possible to use authentication in > non-web environment (think of maintanance scripts from cron). In web > environment a credential plugin can just automatically populate > "request.credentials" and these would go into auth API instead of a > plain request.
For login, logout, and get_current_user, that wouldn't work. In a web context those functions need access to a session or they need to get/set cookies. It would work for authenticate, but I don't think the added complexity for the most common case is worth it if you have to duplicate the functionality of login/logout/get_current_user anyhow. One option might be to add another function, check_credentials. It would bypass cycling through the credential plugins, and just pass the given credentials directly to each of backends until one succeeded. The equivalents of login/logout/get_current_user would then need to be implemented by the developer. Joseph --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---
