Re: [Django] #36837: Client.force_login won't work for permission-only backends inheriting from BaseBackend

Fri, 09 Jan 2026 11:42:10 -0800 

#36837: Client.force_login won't work for permission-only backends inheriting 
from
BaseBackend
-------------------------------------+-------------------------------------
     Reporter:  Christian Hartung    |                    Owner:  (none)
         Type:  New feature          |                   Status:  closed
    Component:  contrib.auth         |                  Version:  6.0
     Severity:  Normal               |               Resolution:
                                     |  needsnewfeatureprocess
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):

 * has_patch:  1 => 0
 * resolution:   => needsnewfeatureprocess
 * status:  new => closed
 * type:  Cleanup/optimization => New feature

Comment:

 Another option is to statically declare that `get_user()` returns `None`
 without having to call it to find out. Not so ordinary, but we have a
 precedent in Django of doing this, see the
 [https://docs.djangoproject.com/en/6.0/topics/serialization/#dependencies-
 during-serialization doc'd way] to declare a dependency on the
 `natural_key` method.

 Then with a small-scoped change in `force_login()`, a rules backend could
 do:

 {{{#!py
 get_user.noop = True
 }}}

 It's a lot like your option 1, but it seems like a smaller lift.

 I don't think the linked PR (which calls `get_user()`) is acceptable, for
 the reason you articulate (introduces db queries, defeating the point of
 the test utility).

 A tiny hint for the test client seems like a not disruptive change for the
 auth backends. It is new API, though, so we need a new features discussion
 to make sure we're not missing anything. It would also be nice to know if
 `django-rules` and `django-guardian` are willing to use the feature we
 build for them here.

 My recommendation is to kick off a [https://github.com/django/new-features
 new-features] discussion. Thanks.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36837#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/0107019ba447b265-0f2d282e-d074-4974-9a27-0337af1a3f4f-000000%40eu-central-1.amazonses.com.

Reply via email to