#34032: Base authentication Backend should raise NotImplemented on needed 
methods
-----------------------------------------+--------------------------------
               Reporter:  Dre Westcook   |          Owner:  nobody
                   Type:  Uncategorized  |         Status:  new
              Component:  contrib.auth   |        Version:  4.0
               Severity:  Normal         |       Keywords:  authentication
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  1
                  UI/UX:  0              |
-----------------------------------------+--------------------------------
 Hi all,

 Recently I've been trying my hand at creating alternative sign on methods
 for a django system and I've found the whole process fairly clean.

 However I did reach a bit of a time waste when my "code that should work,
 doesn't" -- in my login view, I would `authenticate()` and `login()`
 properly, but with a redirect response I would be an `AnonymousUser`
 immediately after.

 After two days of debugging and re-reading docs, I found that I missed out
 a fairly critical sentence: "Authentication backends implements two
 required methods". -- my authentication backend (of which I was replacing
 the default) - did not implement `get_user()` so we would use the default
 `BaseBackend.get_user()` which is to `return None`.

 To me, it wasn't quite obvious why the authentication system needs to
 implement get_user (as I'd want to just get the user by pk like any
 other) so this was a little bit of time wasting that I feel could be made
 a bit more obvious, but I'm happy for other considerations.

 Some ideas I had for changing this that might've saved time in the future:
 * `BaseBackend` to implement a simple
 `get_user_model().objects.get(_meta.pk=pk)` - seeming this is the default
 for most cases (as far as I know?)
 * `BaseBackend` to raise `NotImplemented` to force implementors to define
 ''these two required methods'' as that is what is mentioned in the docs
 
(https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#:~:text=implements%20two%20required%20methods)
     * anyone requiring the fallthrough approach so that one can auth and
 get_user on different backends can just `pass` it
 * something else


 Happy for some thoughts / feedback / pushback. I just know that this was a
 pain point for me and it wasn't obvious where the `AnonymousUser` was
 coming from. Perhaps it's just a documentation change.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34032>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
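
The behaviour reported in this ticket, as an added example (a simplified, Django-free model written for this page, not Django's code and not the reporter's). The classes are stand-ins, `TokenBackend`, `FixedTokenBackend`, `roundtrip` and `missing_get_user` are hypothetical names, and the sample user and token are constructed; the two session keys match the ones `django.contrib.auth` uses.

```python
class AnonymousUser:
    is_authenticated = False

class User:
    is_authenticated = True
    def __init__(self, pk, username):
        self.pk, self.username = pk, username

USERS = {1: User(1, "dre")}  # constructed sample data

class BaseBackend:
    """Stand-in mirroring the defaults in the ticket: both return None."""
    def authenticate(self, request, **credentials):
        return None
    def get_user(self, user_id):
        return None

class TokenBackend(BaseBackend):
    """Hypothetical SSO backend that forgets to override get_user()."""
    def authenticate(self, request, token=None):
        return USERS[1] if token == "valid-token" else None

class FixedTokenBackend(TokenBackend):
    def get_user(self, user_id):
        return USERS.get(user_id)

def login(session, user, backend_name):
    # The session keeps only the pk and the name of the authenticating backend.
    session["_auth_user_id"] = user.pk
    session["_auth_user_backend"] = backend_name

def user_for_request(session, backends):
    """On the next request the recorded backend must map the pk to a user."""
    backend = backends.get(session.get("_auth_user_backend"))
    user = backend.get_user(session["_auth_user_id"]) if backend else None
    return user or AnonymousUser()

def roundtrip(name, backends, token):
    """authenticate() + login(), then resolve the user as a later request would."""
    session = {}
    user = backends[name].authenticate(None, token=token)
    if user is not None:
        login(session, user, name)
    return user_for_request(session, backends)

def missing_get_user(backends):
    """Startup check: backends still relying on the no-op default get_user()."""
    return [n for n, b in backends.items()
            if type(b).get_user is BaseBackend.get_user]

BACKENDS = {"broken": TokenBackend(), "fixed": FixedTokenBackend()}
```

A check like `missing_get_user` run at startup or in a test suite surfaces the silent-logout case before it reaches a login view.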
