#19337: Authentication backend iteration should not rely on TypeError for
detection
------------------------------+--------------------
Reporter: rubyruy | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
[https://github.com/django/django/blob/1.5a1/django/contrib/auth/__init__.py#L60
This line here] is the problem area. Basically it means that if at any
point during the authentication process a TypeError is raised (which is
not exactly unlikely) django will simply eat that error, attempt to
authenticate, mysteriously fail to to do so and then give the exasperated
developer few clues as to why authentication didn't actually happen
despite the lack of log messages or exceptions claiming otherwise.
Relying on such generic exceptions for what basically amounts to flow
control (in essence all we're trying to do here is allow the backend to
signal to django that it doesn't support these credentials) is, IMHO,
asking for trouble.
Why can't we simply rely on returning None (as is already the case) or
perhaps an explicit value or exception?
Yes this would be a backwards incompatible change but it can be stretched
over several releases and warned against using deprecation messages as
with other such changes.
--
Ticket URL: <https://code.djangoproject.com/ticket/19337>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
