On Mon, Mar 12, 2012 at 16:57, Clay McClure <c...@daemons.net> wrote: >[...] > New django projects can elect to use an entirely different pluggable auth >[...] > The pluggable-auth-apps fork is barely two days old, so it's still rough > around the edges, and I've almost certainly missed some things. I haven't >[...]
I'm sorry I don't know if I like that. I hope I understand correctly what you're doing, and that my criticism is seen as constructive. This sells itself as "pluggable auth" but really only provides the originally requested auth by email, and I don't see how it could go from there, i.e. what else would be possible (in regards to auth). Pulling username and email out of (Base)User and then bringing one or both of them - and the logic of which to check - back in, is not really a pluggable auth. It's the mixing of profile and information relevant to authentication (and authorization - is_staff?) that's another problem of the existing User model, and this is where this approach allows for dangerous developments. You've pulled those two out and said it's up to the chosen auth to decide a) which to even include in the User model b) which is used to authenticate and which is just "secondary" user (profile?) information. What about first_name and last_name? Why can't a pluggable auth dump those from the User model? And certainly an "auth" should get to have a say about "password". And then... there's not much left anymore in that (Base)User model, right... (GSoC: "reducing the user table to little more than an identifying primary key") Ok email auth problem solved. But now there's a simple way of providing any User model I like, so first thing I'm going to do is to bring in what I think the User should look like i.e. use the "auth" to define what really is a "profile". And so will lots of projects. "The User model needs a username for this app to work". "The User model needs a timezone for this app to work". etc. I'd like to see a later, "proper" auth.user that can undo that chaos. Cheers, Danny -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
