Re: [Django] #16262: ValueError when authenticating

Sun, 19 Jun 2011 04:09:00 -0700 

#16262: ValueError when authenticating
------------------------------------+------------------------------
               Reporter:  mitar     |          Owner:  nobody
                   Type:  Bug       |         Status:  reopened
              Milestone:            |      Component:  contrib.auth
                Version:  1.3       |       Severity:  Normal
             Resolution:            |       Keywords:  auth backend
           Triage Stage:  Accepted  |      Has patch:  1
    Needs documentation:  0         |    Needs tests:  1
Patch needs improvement:  0         |  Easy pickings:  0
                  UI/UX:  0         |
------------------------------------+------------------------------
Changes (by mitar):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 Can you please read my initial ticket description. What I am explaining is
 that I would like to have a chain of backends (as it is documented that I
 can have) and some of them can have different password/hash scheme
 (completely different to what it is in `models.py`). Now, the problem is,
 that Django's `check_password` throws an exception (instead of returning
 `False`) when encountering a password/hash scheme it does not know how to
 parse, preventing other backends to run. So this is clearly a bug as:
 `check_password` is throwing an exception when the API says it will return
 only `True` or `False` and as it practically makes chains of backends
 useless. Of couse, backends could use some other field/database to
 authenticate, but they could also use the same field in the database,
 extending the range of possible hashing algorithms/schemes. And this is
 currently not possible because of the lacking simple try/except in the
 function.

 I really do not understand what is problem with adding a simple try/except
 around which would make things more robust, extendable and thus usable?
 What is argument against adding it?

 BTW, I am talking about cyrpt scheme and not Django scheme. And crypt
 scheme can have zero (for legacy) or three dollar characters. Check your
 local `/etc/shadow` file.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16262#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to