How can an object other than a User login with that function? The proprietary implementation of User logins is even more of a case to out login on User, isn't it? If you cant even login a User object without doing special things to it first, how can you expect to login a Foo?
On Sep 25, 4:13 am, Harro <hvdkl...@gmail.com> wrote: > Authentication = verification > Login = saving the authenticated user so we remember them. > > Putting login on the user model is a bad idea. > That will only make the whole auth app less flexible than it already > is. > What if I have another model which isn't a user but is able to login. > > Besides.. is_active does not mean you're not allowed to log in.. I'm > currently on a website where a user can register and do things on the > website right away and they won't be active till they have verified > their e-mail address. So the in active user can login and start using > the basic features right away. > > On Sep 24, 6:58 am, Yo-Yo Ma <baxterstock...@gmail.com> wrote: > > > > > Thanks for the replies David. I didn't mean to sound brash with the > > Joel stuff. It's just that the API didn't doesn't feel right. Perhaps > > changing login to a method or User would fix both problems (explicit > > better than implicit avoids confusion) because only a User logs in. A > > User derived from authenticate() already has permission (almost) to > > log in, so why not let them do it, and raise an exception if they try > > when they're not .is_active? > > > user = authenticated('mike', 'openSesame') > > user.login(request) > > > This prevents the problem from arising, without having to define a > > __gettattr__ on User for some edge case. It also cleans up the smell. > > I assume something like this could be changed in 1.4, no? > > > On Sep 23, 5:43 pm, "David P. Novakovic" <davidnovako...@gmail.com> > > wrote: > > > > To take something constructive from this.. perhaps backend could be a > > > property that raises a more meaningful exception when it is called the > > > wrong way? > > > > I'm not particularly for or against the idea.. but I know raising more > > > meaningful exceptions is an issue that has received some attention > > > previously. > > > > Thoughts anyone? > > > > On Fri, Sep 24, 2010 at 9:32 AM, David P. Novakovic > > > > <davidnovako...@gmail.com> wrote: > > > > Apart from being slightly offended at you posting a Joel Spolski link > > > > to make a point, I'll address the actual issue at hand :P > > > > > These docs pretty clearly show authenticate happening before login. > > > > Both in examples and the actual docs. > > > > >http://docs.djangoproject.com/en/dev/topics/auth/#how-to-log-a-user-in > > > > > Notice in particular: > > > > > """ > > > > Calling authenticate() first > > > > > When you're manually logging a user in, you must call authenticate() > > > > before you call login(). authenticate() sets an attribute on the User > > > > noting which authentication backend successfully authenticated that > > > > user (see the backends documentation for details), and this > > > > information is needed later during the login process. > > > > """ > > > > > The only time I could see this being a documentation issue is when > > > > someone is implementing their own authenticate function but this > > > > breaks the django convention if simply implementing a backend and > > > > adding it to the list of auth backends and letting authenticate() > > > > provide the actual authentication. > > > > > So yep, unfortunately this is an issue for django-users. > > > > > David > > > > > On Fri, Sep 24, 2010 at 9:02 AM, Yo-Yo Ma <baxterstock...@gmail.com> > > > > wrote: > > > >> It is a problem with Django. I thought it was a problem with the code > > > >> but it isn't. It's a problem with the documentation, or worse. An > > > >> function of an API that requires running of another function to alter > > > >> an object behind the scenes is an architectural problem that needs > > > >> fixing. > > > >> Seehttp://www.joelonsoftware.com/articles/LeakyAbstractions.html > > > >> - and furthermore, if the choice is made to leave problems like this > > > >> unfixed, they should be documented as so. The current documentation > > > >> here says, "It takes an HttpRequest object and a User object.". This > > > >> isn't true, as as simple User object will not suffice. It should say, > > > >> "It takes an HttpRequest object and a User object that has been run > > > >> through the function authenticate() first to alter the auth backends > > > >> that are attached as attributes to it.". > > > > >> This has very bad code smell, IMHO. > > > > >> On Sep 23, 3:47 pm, "David P. Novakovic" <davidnovako...@gmail.com> > > > >> wrote: > > > >>> This probably should have been posted to django-users anyway. > > > > >>> Chances are, getting a stacktrace like this one or the last error you > > > >>> posted are actually problems with your code and not django itself. > > > > >>> Unless you can show that it is actually a problem with django and not > > > >>> the way you are using it, it'd be better addressed on django-users > > > >>> first. > > > > >>> David > > > > >>> On Fri, Sep 24, 2010 at 5:41 AM, Jacob Kaplan-Moss > > > >>> <ja...@jacobian.org> wrote: > > > >>> > On Thu, Sep 23, 2010 at 2:18 PM, Yo-Yo Ma > > > >>> > <baxterstock...@gmail.com> wrote: > > > >>> >> Hey Jacob, understood. Here's some more details that might help: > > > >>> > [snip] > > > >>> >> if user.check_password(request.POST.get('password', > > > >>> >> '')): > > > >>> >> login(request, user) > > > > >>> > As Santiago mentioned, you need to call authenticate() before > > > >>> > calling > > > >>> > login(). > > > >>> > Seehttp://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth... > > > >>> > for details. > > > > >>> > Jacob > > > > >>> > -- > > > >>> > You received this message because you are subscribed to the Google > > > >>> > Groups "Django developers" group. > > > >>> > To post to this group, send email to > > > >>> > django-develop...@googlegroups.com. > > > >>> > To unsubscribe from this group, send email to > > > >>> > django-developers+unsubscr...@googlegroups.com. > > > >>> > For more options, visit this group > > > >>> > athttp://groups.google.com/group/django-developers?hl=en. > > > > >> -- > > > >> You received this message because you are subscribed to the Google > > > >> Groups "Django developers" group. > > > >> To post to this group, send email to > > > >> django-develop...@googlegroups.com. > > > >> To unsubscribe from this group, send email to > > > >> django-developers+unsubscr...@googlegroups.com. > > > >> For more options, visit this group > > > >> athttp://groups.google.com/group/django-developers?hl=en. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.