#25164: The django.contrib.auth.views.login does not observe authentication via RemoteUserMiddleware ------------------------------+-------------------- Reporter: adelton | Owner: nobody Type: Bug | Status: new Component: contrib.auth | Version: master Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 0 Easy pickings: 0 | UI/UX: 0 ------------------------------+-------------------- Assume application which uses `django.contrib.auth.views.login` and it works fine. Then `django.contrib.auth.middleware.RemoteUserMiddleware` is enabled. Even when the user is authenticated via the `REMOTE_USER` mechanism, the login page is still shown but any templates that check `user.is_anonymous` will see the user as authenticated, on that page. And with `PersistentRemoteUserMiddleware` on any page after that.
This is kind of related to https://code.djangoproject.com/ticket/25030 where it's been suggested that the solution should go to `django.contrib.auth`, and also https://code.djangoproject.com/ticket/25163 which might actually be just `django.contrib.admin` case of this more generic `django.contrib.auth` issue. -- Ticket URL: <https://code.djangoproject.com/ticket/25164> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/050.77b820fdf372300db397725d63b71da9%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.