On Feb 23, 2012 3:41 PM, "Tom Evans" <tevans...@googlemail.com> wrote:
>
> Hi all
>
> I don't like this function that much. It doesn't actually check
> whether users are authenticated - which is to say, they have presented
> credentials which we have accepted and authorized them to use the
> site. Instead it always returns true. is_not_anonymous_user() may be a
> better name.
>
> User.is_authenticated() is documented like so:
>
> """
> is_authenticated()
> Always returns True. This is a way to tell if the user has been
> authenticated. This does not imply any permissions, and doesn't check
> if the user is active - it only indicates that the user has provided a
> valid username and password.
> """
>
> This is misleading, as it doesn't actually indicate that the user has
> provided a valid username and password, since it always returns True.
>
> There can be many ways that a user authenticates without having to
> provide username and password, and User objects not automatically
> instantiated by the auth middleware (eg, manually looking up a user)
> haven't been authenticated at all.
>
> Eg, this code:
>
> def myview(request):
>     user = User.objects.all().order_by('?')[0]
>     user.is_authenticated()
>
> At no point has that user object been authenticated, or supplied valid
> creds.
>
> Obviously, this function cannot change in behaviour or name, so I
> suggest altering the docs, dropping the clause about indicating that
> the user has provided username and password to make it clearer what
> this method does.

It does prove that they've authenticated, in that request.user will contain
an AnonymousUser if they're not logged in, which overrides this method to
always return False. If they are, then they'll get their actual user, which
will return True.

>
> Cheers
>
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.
>
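
The two behaviours discussed in this thread, as an added example that is not part of either message and is not Django's own code: a simplified stand-in in plain Python, where USERS, SESSIONS, get_request_user and may_access are hypothetical names and the data is constructed.

```python
# Simplified model of the behaviour described in the thread; not Django's code.
class User:
    def __init__(self, username, is_active=True):
        self.username = username
        self.is_active = is_active

    def is_authenticated(self):
        # Unconditional, as the quoted documentation says: "Always returns True."
        return True


class AnonymousUser:
    username = ""
    is_active = False

    def is_authenticated(self):
        # The override the reply refers to: always False.
        return False


# Constructed sample data: a user table and a server-side session store.
USERS = {1: User("alice"), 2: User("bob", is_active=False)}
SESSIONS = {"s3ss10n-alice": 1, "s3ss10n-bob": 2}


def get_request_user(session_key):
    """Hypothetical middleware step: resolve a session key to request.user."""
    user_id = SESSIONS.get(session_key)
    return USERS.get(user_id, AnonymousUser())


def may_access(session_key, require_active=True):
    """View guard: trust only the object that the session lookup produced."""
    user = get_request_user(session_key)
    if not user.is_authenticated():
        return False
    # is_authenticated() does not check is_active, so test it separately.
    return user.is_active or not require_active


def looked_up_user_claims_authenticated(user_id):
    """The case from the first message: a User fetched by hand answers True."""
    return USERS[user_id].is_authenticated()
```

The answer from is_authenticated() is only meaningful on the object the session lookup returned; on a User loaded any other way it carries no information about the current request.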
