Re: [Django] #16262: ValueError when authenticating

[Django]

#16262: ValueError when authenticating
------------------------------------+------------------------------
               Reporter:  mitar     |          Owner:  nobody
                   Type:  Bug       |         Status:  reopened
              Milestone:            |      Component:  contrib.auth
                Version:  1.3       |       Severity:  Normal
             Resolution:            |       Keywords:  auth backend
           Triage Stage:  Accepted  |      Has patch:  1
    Needs documentation:  0         |    Needs tests:  1
Patch needs improvement:  0         |  Easy pickings:  0
                  UI/UX:  0         |
------------------------------------+------------------------------
Changes (by mitar):

 * status:  closed => reopened
 * resolution:  needsinfo =>


Comment:

 Isn't one of Django's principles also loose coupling? I think that in this
 particular case it means that the password field of User model could
 contain something else than what Django is expecting. OK, it is normal
 that `check_password` function cannot be magical and validate the password
 if the field contains garbage (from its perspective). But it should also
 not blow up.

 Crypt was just an example, the same holds also for apr1 (Apache runtime)
 hashing algorithm. Or any other value I would like to store in the
 password field of User model which might not contain exactly two `$`.

 So concrete case: I cannot store this value
 `$1$JDE7PpXQ$8bV7aOArT3P91NHFaI7vpg` in the password field of the User
 model. And my other authentication backend knows what to do with that. But
 my authentication backend is never called because Django's one throws an
 exception. I also cannot store `$apr1$HSSoQQ2h$1S454HzbLe/ewAAWhmSnv.` to
 use in another of my backends.

 I really do not understand why it is so hard to add that try/except
 around? It would allow Django users to have their own values in the
 password field. It is just something useful and good.

 (Reopened as I have provided concrete case in which the code explodes.)

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16262#comment:13>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.