subject:"\[Django\] #20589\: contrib.auth.handlers.modwsgi fails for some backends"

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

2013-06-18 Thread Django

#20589: contrib.auth.handlers.modwsgi fails for some backends
---+
 Reporter:  graham4django  |Owner:  nobody
 Type:  Bug|   Status:  new
Component:  contrib.auth   |  Version:  1.5
 Severity:  Normal |   Resolution:
 Keywords:  handlers, modwsgi  | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by graham4django):

 How about using authenticate to try all django authentication provider
 (backends) and if authenticate fails use check_password.
 In that case failed authentications will still allow apache's other auth
 provider.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.a6c723069e055b8b34cb402a0964b9af%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

2013-06-12 Thread Django

#20589: contrib.auth.handlers.modwsgi fails for some backends
---+
 Reporter:  graham4django  |Owner:  nobody
 Type:  Bug|   Status:  new
Component:  contrib.auth   |  Version:  1.5
 Severity:  Normal |   Resolution:
 Keywords:  handlers, modwsgi  | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by grahamd):

 Returning None allows Apache to try a different authentication provider if
 more than one was setup in Apache. The question is whether when using
 Django for authentication that people would even want to do that or
 whether one views Django as the only authoritative source.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.f816c277f8d9d862c3870352e8d89e61%40djangoproject.com?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

2013-06-12 Thread Django

#20589: contrib.auth.handlers.modwsgi fails for some backends
---+
 Reporter:  graham4django  |Owner:  nobody
 Type:  Bug|   Status:  new
Component:  contrib.auth   |  Version:  1.5
 Severity:  Normal |   Resolution:
 Keywords:  handlers, modwsgi  | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by bmispelon):

 * cc: bmispelon@… (added)


Comment:

 One issue (and probably the reason why `check_password` is implemented
 that way) is that, according to the mod_wsgi documentation [1], the
 handler function should return `None`, `True`, or `False` depending on
 whether the user exists in the database and whether the provided password
 is correct or not (respectively).

 With `authenticate`, we either get a user object or `None` which means we
 can't distinguish between a non-existing user and a bad password.

 I'm not sure how much of a problem it'd be to return `None` instead of
 `False` in case of an invalid password but it might break backwards-
 compatibility so we should tread carefully.

 [1]
 
http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms#Apache_Authentication_Provider

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.5d26f1b53cb0fd92aad63001cb66d31e%40djangoproject.com?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

2013-06-12 Thread Django

#20589: contrib.auth.handlers.modwsgi fails for some backends
---+
 Reporter:  graham4django  |Owner:  nobody
 Type:  Bug|   Status:  new
Component:  contrib.auth   |  Version:  1.5
 Severity:  Normal |   Resolution:
 Keywords:  handlers, modwsgi  | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by claudep):

 * needs_docs:   => 0
 * needs_better_patch:   => 0
 * needs_tests:   => 0
 * stage:  Unreviewed => Accepted


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.0d5ed5d7843effd78df53e394edf25a6%40djangoproject.com?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

2013-06-11 Thread Django

#20589: contrib.auth.handlers.modwsgi fails for some backends
---+---
 Reporter:  graham4django  |  Owner:  nobody
 Type:  Bug| Status:  new
Component:  contrib.auth   |Version:  1.5
 Severity:  Normal |   Keywords:  handlers, modwsgi
 Triage Stage:  Unreviewed |  Has patch:  0
Easy pickings:  0  |  UI/UX:  0
---+---
 In contrib.auth.handlers.modwsgi authentication is implemented with a
 check_password function, which in turn is based on "user.check_password".
 However, this forces a check of the given password against the password
 stored in the database.

 For some backends like, e.g. django_auth_ldap, no usable password is
 stored in the database. Thus, this check will fail.

 Therefore the function should be implemented using a call to
 "authenticate", which will correctly verify the given password against the
 different authentication backends.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/056.334e596957699f0916002437ef295f30%40djangoproject.com?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

Re: [Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

[Django] #20589: contrib.auth.handlers.modwsgi fails for some backends

5 matches

Site Navigation

Mail list logo

Footer information