Hi all,

I don't like this function that much. It doesn't actually check whether users are authenticated - which is to say, they have presented credentials which we have accepted and authorized them to use the site. Instead it always returns True. is_not_anonymous_user() may be a better name.

User.is_authenticated() is documented like so:

    """
    is_authenticated()

    Always returns True. This is a way to tell if the user has been authenticated. This does not imply any permissions, and doesn't check if the user is active - it only indicates that the user has provided a valid username and password.
    """

This is misleading, as it doesn't actually indicate that the user has provided a valid username and password, since it always returns True. There can be many ways that a user authenticates without having to provide username and password, and User objects not automatically instantiated by the auth middleware (eg, manually looking up a user) haven't been authenticated at all. Eg, this code:

    from django.contrib.auth.models import User

    def myview(request):
        # A user picked at random from the database, not taken from the request
        user = User.objects.all().order_by('?')[0]
        user.is_authenticated()

At no point has that user object been authenticated, or supplied valid creds.

Obviously, this function cannot change in behaviour or name, so I suggest altering the docs, dropping the clause about indicating that the user has provided username and password to make it clearer what this method does.

Cheers

Tom
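
Added example, not part of the original message and not Django's own code: a self-contained sketch of the behaviour described above, contrasting a check that trusts is_authenticated() on any User object with one that ties the user to the current session. The User and AnonymousUser classes are simplified stand-ins for the django.contrib.auth ones; USERS, user_from_session, naive_check and session_backed_check are hypothetical names.

```python
# Simplified stand-ins for django.contrib.auth's User / AnonymousUser.
# Assumption: only the behaviour discussed in the message is modelled.
class User:
    def __init__(self, pk, username, is_active=True):
        self.pk, self.username, self.is_active = pk, username, is_active

    def is_authenticated(self):
        # Constant: means "not the anonymous user", says nothing about credentials.
        return True


class AnonymousUser:
    pk, username, is_active = None, "", False

    def is_authenticated(self):
        return False


# Constructed sample accounts (hypothetical data).
USERS = {1: User(1, "alice"), 2: User(2, "bob", is_active=False)}


def user_from_session(session):
    """Roughly what auth middleware does: map a session to a user object.
    Only this path reflects a login the site actually accepted."""
    return USERS.get(session.get("user_id"), AnonymousUser())


def naive_check(user):
    # Passes for ANY User instance, including one fetched straight from storage.
    return user.is_authenticated()


def session_backed_check(session, user):
    """True only if `user` is the active account bound to this session."""
    current = user_from_session(session)
    return (current.is_authenticated()
            and current.is_active
            and current.pk == user.pk)


if __name__ == "__main__":
    looked_up = USERS[1]                                       # no login happened
    print(naive_check(looked_up))                              # True
    print(session_backed_check({}, looked_up))                 # False
    print(session_backed_check({"user_id": 1}, looked_up))     # True
```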