#10378: authenticate() method should not continue on built-in or generic exceptions
------------------------------------+---------------------------------------
 Reporter:  bendavis78              |       Owner:  nobody    
   Status:  new                     |   Milestone:            
Component:  Uncategorized           |     Version:  1.0       
 Keywords:  authenticate TypeError  |       Stage:  Unreviewed
Has_patch:  0                       |  
------------------------------------+---------------------------------------
 From django.contrib.auth, in authenticate():
 {{{
     for backend in get_backends():
         try:
             user = backend.authenticate(**credentials)
         except TypeError:
             # This backend doesn't accept these credentials as arguments.
             # Try the next one.
             continue
         if user is None:
             continue
 }}}

 The authenticate method makes an assumption about the meaning of a
 !TypeError,  being that "this backend doesn't accept these credentials as
 arguments". It ''should'' use a custom exception type where the meaning is
 more specific, such as !AuthInvalidCredentials or something.

 The reasoning behind this is that when creating your own authentication
 backend,  it's possible to do some things that unexpectedly raise a more
 generic exception, such as !TypeError.  This can produce some very
 unexpected results, as this will cause your backend to be "skipped" when
 it shouldn't have been.

 Granted, I could work around this by catching !TypeError within the
 backend, but the backend developer shouldn't have to know that he/she
 needs to do that. Plus, the developer would have to go through some hoops
 to actually see the exception that was caught (e.g., extracting traceback
 info from sys.exc_info()).

-- 
Ticket URL: <http://code.djangoproject.com/ticket/10378>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
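
An added illustration of the behaviour the ticket describes (not code from the ticket or from Django): the quoted loop silently skips a backend whose own bug raises TypeError, while a variant that checks the call signature first lets that error surface. The backend classes, `BACKENDS` and both function names are hypothetical; checking with `inspect.signature(...).bind()` is one possible approach, different from the custom exception the reporter proposes.

```python
import inspect

class TokenBackend:
    """Hypothetical backend that only accepts a token."""
    def authenticate(self, token=None):
        return "token-user" if token == "s3cret" else None

class BuggyPasswordBackend:
    """Hypothetical backend whose own code raises TypeError."""
    def authenticate(self, username=None, password=None):
        stored_hash = None  # constructed bug: the lookup returned nothing
        if len(stored_hash) == 0:  # TypeError: NoneType has no len()
            return None
        return username

BACKENDS = [TokenBackend(), BuggyPasswordBackend()]

def authenticate_swallowing(**credentials):
    """The loop quoted in the ticket: any TypeError means 'next backend'."""
    for backend in BACKENDS:
        try:
            user = backend.authenticate(**credentials)
        except TypeError:
            continue  # hides both argument mismatches and internal bugs
        if user is None:
            continue
        return user
    return None

def authenticate_strict(**credentials):
    """Skip a backend only when the credentials do not fit its signature."""
    for backend in BACKENDS:
        try:
            inspect.signature(backend.authenticate).bind(**credentials)
        except TypeError:
            continue  # genuine argument mismatch, safe to skip
        user = backend.authenticate(**credentials)  # internal errors propagate
        if user is None:
            continue
        return user
    return None
```

With username and password credentials, `authenticate_swallowing` returns `None` as if the login had simply failed, while `authenticate_strict` raises the backend's TypeError with its traceback intact.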