Hi Raffi, Thanks for taking the time to report this. Can you please file an issue at https://code.djangoproject.com/? The people who deal with triaging and fixing bugs may not be following the django-users list.
Thanks! René On 04/07/2017 03:43 PM, Raffi Enficiaud wrote: > Hi Django list! > > I am using a django-crowd authentication backend and the deployment > today was not working with our setup. I nailed it down to the fact that > the backward compatibility is not working as expected for 1.11 for the > authenticate method: > > https://docs.djangoproject.com/en/1.11/topics/auth/default/#django.contrib.auth.authenticate > > Step to reproduce: > - add an authentication backend using Django < 1.11 API at the end of > the authentication backend list supplied by AUTHENTICATION_BACKENDS. At > the end, or at least not in the first position, is important here > - try to log in with a user in this backend > > Expected result: > - the authenticate method is called for this authentication backend > > What happens: > - the authentication backend is discarded as it does not (supposedly) > have the right API. It works as expected if the authentication backend > is first in the list. > > Bug explanation: > * the credential dictionary is polluted by the "request" argument after > the first iteration in django/contrib/auth/__init__.py line 92 > * after the first loop, all calls to > "inspect.getcallargs(backend.authenticate, **credentials)" (line 81, > same file) with the Django <= 1.10 API can only fail because they raise > the exception TypeError indicating that they do not support this API > > The fix needs to move to the new API, I think it should at least be > advertised as a breaking change in the release notes, or this bug should > be fixed by not adding the "request" to the "credentials" dict. > > Thanks for the wonderful work on Django, I am so much in love with this! > > Best regards, > Raffi Enficiaud > > -- > You received this message because you are subscribed to the Google > Groups "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to django-users+unsubscr...@googlegroups.com > <mailto:django-users+unsubscr...@googlegroups.com>. > To post to this group, send email to django-users@googlegroups.com > <mailto:django-users@googlegroups.com>. > Visit this group at https://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/18df46d6-aeab-4cd0-8c2a-7cdaa4d78469%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/18df46d6-aeab-4cd0-8c2a-7cdaa4d78469%40googlegroups.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- René Fleschenberg Am Stadtgarten 28, 45276 Essen, Germany Phone: +49 1577 170 7363 E-Mail: r...@fleschenberg.net -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1024611c-9806-a683-890b-f8c547db8740%40fleschenberg.net. For more options, visit https://groups.google.com/d/optout.
