#35492: Replace call to User.set_password with make_password in authenticate
-------------------------------------+-------------------------------------
Reporter: Natalia Bidart | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by אורי):
Replying to [comment:2 Claude Paroz]:
> The call in `authenticate` is counting on the fact that `check_password`
(itself calling `set_password`) ...
I think `check_password` only calls `set_password` after validating the
password, and only if the password is correct (`is_correct` is true), and
also if `must_update` is true, so if the password is not valid and is
validated by `set_password`, it will raise an exception only if the
password is correct, and not always when there is no such user (if the
username doesn't exist in the database).
--
Ticket URL: <https://code.djangoproject.com/ticket/35492#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018fceebcc8a-78ce8e86-9593-4f64-a84d-df572e5da40c-000000%40eu-central-1.amazonses.com.
