#26988: User is_authenticated callable property is confusing to check
-------------------------------------+-------------------------------------
Reporter: marktranchant | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 1.10
Severity: Release blocker | Resolution:
Keywords: user | Triage Stage:
is_authenticated property test | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by marktranchant):
* easy: 0 => 1
Old description:
> Just upgraded to 1.10, converted all {{{ is_authenticated() }}} methods
> into {{{ is_authenticated }}} properties as per the
> [https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is-
> authenticated-and-user-is-anonymous-as-methods Release Notes] and a test
> in my test suite failed.
>
> It turns out I was checking for a logged in user with {{{ if
> request.user.is_authenticated is False: }}}, but the {{{ is_authenticated
> }}} property is actually a {{{ CallableBool() }}} so is not False under
> any circumstances.
>
> Checking this property only gives logical results with direct {{{ if
> user.is_authenticated }}} or {{{ if not user.is_authenticated }}}. This
> is very misleading and non-intuitive behaviour and should be fixed or
> strongly called out in the documentation. Example:
>
> {{{
> In [1]: from django.contrib.auth.models import AnonymousUser,
> AbstractBaseUser
>
> In [2]: a = AnonymousUser()
>
> In [3]: b = AbstractBaseUser()
>
> In [4]: a.is_authenticated
> Out[4]: CallableBool(False)
>
> In [5]: b.is_authenticated
> Out[5]: CallableBool(True)
>
> In [6]: a.is_authenticated is False
> Out[6]: False
>
> In [7]: a.is_authenticated == False
> Out[7]: False
>
> In [8]: not a.is_authenticated
> Out[8]: True
>
> In [9]: not b.is_authenticated
> Out[9]: False
>
> In [10]: b.is_authenticated == False
> Out[10]: False
>
> In [11]: b.is_authenticated == True
> Out[11]: False
> }}}
New description:
Just upgraded to 1.10, converted all {{{is_authenticated()}}} methods into
{{{is_authenticated}}} properties as per the
[https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is-
authenticated-and-user-is-anonymous-as-methods Release Notes] and a test
in my test suite failed.
It turns out I was checking for a logged in user with {{{if
request.user.is_authenticated is False:}}}, but the {{{is_authenticated}}}
property is actually a {{{CallableBool}}} which cannot be tested with {{==
False}}, {{is False}}, {{== True}} or {{is True}}.
Checking this property only gives logical results with direct {{{if
user.is_authenticated}}} or {{{if not user.is_authenticated}}}. This is
very misleading and non-intuitive behaviour (at odds with
[https://www.python.org/dev/peps/pep-0008/#programming-recommendations
PEP8 (bottom of linked section)] and should be fixed or strongly called
out in the documentation. Example:
{{{
In [1]: from django.contrib.auth.models import AnonymousUser,
AbstractBaseUser
In [2]: a = AnonymousUser()
In [3]: b = AbstractBaseUser()
In [4]: a.is_authenticated
Out[4]: CallableBool(False)
In [5]: b.is_authenticated
Out[5]: CallableBool(True)
In [6]: a.is_authenticated is False
Out[6]: False
In [7]: a.is_authenticated == False
Out[7]: False
In [8]: not a.is_authenticated
Out[8]: True
In [9]: not b.is_authenticated
Out[9]: False
In [10]: b.is_authenticated == False
Out[10]: False
In [11]: b.is_authenticated == True
Out[11]: False
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/26988#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/071.464736b8502636621ab6ebf11cacb3b6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
