#26988: User is_authenticated callable property is confusing to check -------------------------------------+------------------------------------- Reporter: marktranchant | Owner: nobody Type: Uncategorized | Status: new Component: contrib.auth | Version: 1.10 Severity: Release blocker | Resolution: Keywords: user | Triage Stage: is_authenticated property test | Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 1 | UI/UX: 0 -------------------------------------+------------------------------------- Description changed by marktranchant:
Old description: > Just upgraded to 1.10, converted all {{{is_authenticated()}}} methods > into {{{is_authenticated}}} properties as per the > [https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is- > authenticated-and-user-is-anonymous-as-methods Release Notes] and a test > in my test suite failed. > > It turns out I was checking for a logged in user with {{{if > request.user.is_authenticated is False:}}}, but the > {{{is_authenticated}}} property is actually a {{{CallableBool}}} which > cannot be tested with {{== False}}, {{is False}}, {{== True}} or {{is > True}}. > > Checking this property only gives logical results with direct {{{if > user.is_authenticated}}} or {{{if not user.is_authenticated}}}. This is > very misleading and non-intuitive behaviour (at odds with > [https://www.python.org/dev/peps/pep-0008/#programming-recommendations > PEP8 (bottom of linked section)] and should be fixed or strongly called > out in the documentation. Example: > > {{{ > In [1]: from django.contrib.auth.models import AnonymousUser, > AbstractBaseUser > > In [2]: a = AnonymousUser() > > In [3]: b = AbstractBaseUser() > > In [4]: a.is_authenticated > Out[4]: CallableBool(False) > > In [5]: b.is_authenticated > Out[5]: CallableBool(True) > > In [6]: a.is_authenticated is False > Out[6]: False > > In [7]: a.is_authenticated == False > Out[7]: False > > In [8]: not a.is_authenticated > Out[8]: True > > In [9]: not b.is_authenticated > Out[9]: False > > In [10]: b.is_authenticated == False > Out[10]: False > > In [11]: b.is_authenticated == True > Out[11]: False > }}} New description: Just upgraded to 1.10, converted all {{{is_authenticated()}}} methods into {{{is_authenticated}}} properties as per the [https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is- authenticated-and-user-is-anonymous-as-methods Release Notes] and a test in my test suite failed. It turns out I was checking for a logged in user with {{{if request.user.is_authenticated is False:}}}, but the {{{is_authenticated}}} property is actually a {{{CallableBool}}} which cannot be tested with {{== False}}, {{is False}}, {{== True}} or {{is True}}. Checking this property only gives logical results with direct {{{if user.is_authenticated}}} or {{{if not user.is_authenticated}}}. This is very misleading and non-intuitive behaviour (at odds with [https://www.python.org/dev/peps/pep-0008/#programming-recommendations PEP8 (bottom of linked section)]) and should be fixed or strongly called out in the documentation. Example: {{{ In [1]: from django.contrib.auth.models import AnonymousUser, AbstractBaseUser In [2]: a = AnonymousUser() In [3]: b = AbstractBaseUser() In [4]: a.is_authenticated Out[4]: CallableBool(False) In [5]: b.is_authenticated Out[5]: CallableBool(True) In [6]: a.is_authenticated is False Out[6]: False In [7]: a.is_authenticated == False Out[7]: False In [8]: not a.is_authenticated Out[8]: True In [9]: not b.is_authenticated Out[9]: False In [10]: b.is_authenticated == False Out[10]: False In [11]: b.is_authenticated == True Out[11]: False }}} -- -- Ticket URL: <https://code.djangoproject.com/ticket/26988#comment:3> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/071.827ed8406c1a29646f2792e00a95fad0%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.