#25164: The django.contrib.auth.views.login does not observe authentication via
RemoteUserMiddleware
------------------------------+--------------------
Reporter: adelton | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
Assume application which uses `django.contrib.auth.views.login` and it
works fine. Then `django.contrib.auth.middleware.RemoteUserMiddleware` is
enabled. Even when the user is authenticated via the `REMOTE_USER`
mechanism, the login page is still shown but any templates that check
`user.is_anonymous` will see the user as authenticated, on that page. And
with `PersistentRemoteUserMiddleware` on any page after that.
This is kind of related to https://code.djangoproject.com/ticket/25030
where it's been suggested that the solution should go to
`django.contrib.auth`, and also
https://code.djangoproject.com/ticket/25163 which might actually be just
`django.contrib.admin` case of this more generic `django.contrib.auth`
issue.
--
Ticket URL: <https://code.djangoproject.com/ticket/25164>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/050.77b820fdf372300db397725d63b71da9%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
