How can an object other than a User login with that function? The
proprietary implementation of User logins is even more of a case to
out login on User, isn't it? If you cant even login a User object
without doing special things to it first, how can you expect to login
a Foo?
On Sep 25, 4:13 am, Harro <hvdkl...@gmail.com> wrote:
> Authentication = verification
> Login = saving the authenticated user so we remember them.
>
> Putting login on the user model is a bad idea.
> That will only make the whole auth app less flexible than it already
> is.
> What if I have another model which isn't a user but is able to login.
>
> Besides.. is_active does not mean you're not allowed to log in.. I'm
> currently on a website where a user can register and do things on the
> website right away and they won't be active till they have verified
> their e-mail address. So the in active user can login and start using
> the basic features right away.
>
> On Sep 24, 6:58 am, Yo-Yo Ma <baxterstock...@gmail.com> wrote:
>
>
>
> > Thanks for the replies David. I didn't mean to sound brash with the
> > Joel stuff. It's just that the API didn't doesn't feel right. Perhaps
> > changing login to a method or User would fix both problems (explicit
> > better than implicit avoids confusion) because only a User logs in. A
> > User derived from authenticate() already has permission (almost) to
> > log in, so why not let them do it, and raise an exception if they try
> > when they're not .is_active?
>
> > user = authenticated('mike', 'openSesame')
> > user.login(request)
>
> > This prevents the problem from arising, without having to define a
> > __gettattr__ on User for some edge case. It also cleans up the smell.
> > I assume something like this could be changed in 1.4, no?
>
> > On Sep 23, 5:43 pm, "David P. Novakovic" <davidnovako...@gmail.com>
> > wrote:
>
> > > To take something constructive from this.. perhaps backend could be a
> > > property that raises a more meaningful exception when it is called the
> > > wrong way?
>
> > > I'm not particularly for or against the idea.. but I know raising more
> > > meaningful exceptions is an issue that has received some attention
> > > previously.
>
> > > Thoughts anyone?
>
> > > On Fri, Sep 24, 2010 at 9:32 AM, David P. Novakovic
>
> > > <davidnovako...@gmail.com> wrote:
> > > > Apart from being slightly offended at you posting a Joel Spolski link
> > > > to make a point, I'll address the actual issue at hand :P
>
> > > > These docs pretty clearly show authenticate happening before login.
> > > > Both in examples and the actual docs.
>
> > > >http://docs.djangoproject.com/en/dev/topics/auth/#how-to-log-a-user-in
>
> > > > Notice in particular:
>
> > > > """
> > > > Calling authenticate() first
>
> > > > When you're manually logging a user in, you must call authenticate()
> > > > before you call login(). authenticate() sets an attribute on the User
> > > > noting which authentication backend successfully authenticated that
> > > > user (see the backends documentation for details), and this
> > > > information is needed later during the login process.
> > > > """
>
> > > > The only time I could see this being a documentation issue is when
> > > > someone is implementing their own authenticate function but this
> > > > breaks the django convention if simply implementing a backend and
> > > > adding it to the list of auth backends and letting authenticate()
> > > > provide the actual authentication.
>
> > > > So yep, unfortunately this is an issue for django-users.
>
> > > > David
>
> > > > On Fri, Sep 24, 2010 at 9:02 AM, Yo-Yo Ma <baxterstock...@gmail.com>
> > > > wrote:
> > > >> It is a problem with Django. I thought it was a problem with the code
> > > >> but it isn't. It's a problem with the documentation, or worse. An
> > > >> function of an API that requires running of another function to alter
> > > >> an object behind the scenes is an architectural problem that needs
> > > >> fixing.
> > > >> Seehttp://www.joelonsoftware.com/articles/LeakyAbstractions.html
> > > >> - and furthermore, if the choice is made to leave problems like this
> > > >> unfixed, they should be documented as so. The current documentation
> > > >> here says, "It takes an HttpRequest object and a User object.". This
> > > >> isn't true, as as simple User object will not suffice. It should say,
> > > >> "It takes an HttpRequest object and a User object that has been run
> > > >> through the function authenticate() first to alter the auth backends
> > > >> that are attached as attributes to it.".
>
> > > >> This has very bad code smell, IMHO.
>
> > > >> On Sep 23, 3:47 pm, "David P. Novakovic" <davidnovako...@gmail.com>
> > > >> wrote:
> > > >>> This probably should have been posted to django-users anyway.
>
> > > >>> Chances are, getting a stacktrace like this one or the last error you
> > > >>> posted are actually problems with your code and not django itself.
>
> > > >>> Unless you can show that it is actually a problem with django and not
> > > >>> the way you are using it, it'd be better addressed on django-users
> > > >>> first.
>
> > > >>> David
>
> > > >>> On Fri, Sep 24, 2010 at 5:41 AM, Jacob Kaplan-Moss
> > > >>> <ja...@jacobian.org> wrote:
> > > >>> > On Thu, Sep 23, 2010 at 2:18 PM, Yo-Yo Ma
> > > >>> > <baxterstock...@gmail.com> wrote:
> > > >>> >> Hey Jacob, understood. Here's some more details that might help:
> > > >>> > [snip]
> > > >>> >> if user.check_password(request.POST.get('password',
> > > >>> >> '')):
> > > >>> >> login(request, user)
>
> > > >>> > As Santiago mentioned, you need to call authenticate() before
> > > >>> > calling
> > > >>> > login().
> > > >>> > Seehttp://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth...
> > > >>> > for details.
>
> > > >>> > Jacob
>
> > > >>> > --
> > > >>> > You received this message because you are subscribed to the Google
> > > >>> > Groups "Django developers" group.
> > > >>> > To post to this group, send email to
> > > >>> > django-develop...@googlegroups.com.
> > > >>> > To unsubscribe from this group, send email to
> > > >>> > django-developers+unsubscr...@googlegroups.com.
> > > >>> > For more options, visit this group
> > > >>> > athttp://groups.google.com/group/django-developers?hl=en.
>
> > > >> --
> > > >> You received this message because you are subscribed to the Google
> > > >> Groups "Django developers" group.
> > > >> To post to this group, send email to
> > > >> django-develop...@googlegroups.com.
> > > >> To unsubscribe from this group, send email to
> > > >> django-developers+unsubscr...@googlegroups.com.
> > > >> For more options, visit this group
> > > >> athttp://groups.google.com/group/django-developers?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-develop...@googlegroups.com.
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
