#35492: Replace call to User.set_password with make_password in authenticate -------------------------------------+------------------------------------- Reporter: Natalia Bidart | Owner: nobody Type: | Status: new Cleanup/optimization | Component: contrib.auth | Version: dev Severity: Normal | Resolution: Keywords: | Triage Stage: | Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Comment (by אורי):
Replying to [comment:2 Claude Paroz]: > The call in `authenticate` is counting on the fact that `check_password` (itself calling `set_password`) ... I think `check_password` only calls `set_password` after validating the password, and only if the password is correct (`is_correct` is true), and also if `must_update` is true, so if the password is not valid and is validated by `set_password`, it will raise an exception only if the password is correct, and not always when there is no such user (if the username doesn't exist in the database). -- Ticket URL: <https://code.djangoproject.com/ticket/35492#comment:3> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/0107018fceebcc8a-78ce8e86-9593-4f64-a84d-df572e5da40c-000000%40eu-central-1.amazonses.com.