I second the objections; my assumption when reading the line 'if request.user:' is that it's shorthand for 'if request.user is None', which is not the case.
Grepping a project's code for incorrect usage of 'request.user' is simple enough, so hopefully that will suffice. I don't recommend this because I think existing Django developers would find it confusing, but technically it would be possible to change or swap out instances of AnonymousUser via middleware, too. Lastly, this related ticket might be of interest: https://code.djangoproject.com/ticket/20313 Tobias *Tobias McNulty*Chief Executive Officer tob...@caktusgroup.com www.caktusgroup.com On Wed, May 31, 2017 at 12:56 PM, Tim Graham <timogra...@gmail.com> wrote: > My thoughts from the ticket, "The Django test suite passes with the change > but I feel like that could have some backwards compatibility concerns. Also > "explicit is better than implicit"? > > On Wednesday, May 31, 2017 at 12:44:51 PM UTC-4, Linus Lewandowski wrote: >> >> I suggest adding __bool__() method returning False to the AnonymousUser >> class. >> >> This way it'll be possible to check if the user is authenticated by >> simply writing "if request.user:" >> >> It's a frequent source of bugs (at least for me, but probably I'm not >> alone) that right now this code returns True for anonymous users. If >> unnoticed, such bugs can also lead to security issues. >> >> Related ticket: https://code.djangoproject.com/ticket/28259 >> > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/django-developers/0c20c042-cc34-4707-a3e0- > eed3ce2cf83d%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/0c20c042-cc34-4707-a3e0-eed3ce2cf83d%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMGFDKQCfScbHYA8JfLtb2cDqt9Nz%3DA%3D8Qg9wJRhkz0sGju6GQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
