#34032: Base authentication Backend should raise NotImplemented on needed 
methods
--------------------------------+--------------------------------------
     Reporter:  Dotrar          |                    Owner:  nobody
         Type:  Uncategorized   |                   Status:  new
    Component:  contrib.auth    |                  Version:  4.0
     Severity:  Normal          |               Resolution:
     Keywords:  authentication  |             Triage Stage:  Unreviewed
    Has patch:  0               |      Needs documentation:  0
  Needs tests:  0               |  Patch needs improvement:  0
Easy pickings:  1               |                    UI/UX:  0
--------------------------------+--------------------------------------
Description changed by Dotrar:

Old description:

> Hi all,
>
> Recently I've been trying my hand at creating alternative sign on methods
> for a Django system and I've found the whole process fairly clean.
>
> However, I did reach a bit of a time waste when my "code that should work,
> doesn't" -- in my login view, I would `authenticate()` and `login()`
> properly, but with a redirect response I would be an `AnonymousUser`
> immediately after.
>
> After two days of debugging and re-reading docs, I found that I missed
> out a fairly critical sentence: "Authentication backends implements two
> required methods". -- my authentication backend (of which I was replacing
> the default) - did not implement `get_user()` so we would use the default
> `BaseBackend.get_user()` which is to `return None`.
>
> To me, it wasn't quite obvious why the authentication system needs to
> implement get_user (as I'd want to just get the user by pk like any
> other) so this was a little bit of time wasting that I feel could be made
> a bit more obvious, but I'm happy for other considerations.
>
> Some ideas I had for changing this that might've saved time in the
> future:
> * `BaseBackend` to implement a simple `get_user_model().objects.get(
> _meta.pk=pk)` - seeming this is the default for most cases (as far as I
> know?)
> * `BaseBackend` to raise `NotImplemented` to force implementors to define
> ''these two required methods'' as that is what is mentioned in the docs
> (https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#:~:text=implements%20two%20required%20methods)
>     * anyone requiring the failthrough approach so that one can auth and
> get_user on different backends can just `pass` it
> * something else
>
> Happy for some thoughts/feedback/pushback. I just know that this was a
> pain point for me and it wasn't obvious where the `AnonymousUser` was
> coming from. Perhaps it's just a documentation change.

New description:

 Hi all,

 Recently I've been trying my hand at creating alternative sign on methods
 for a Django system and I've found the whole process fairly clean.

 However, I did reach a bit of a time waste when my "code that should work,
 doesn't" -- in my login view, I would `authenticate()` and `login()`
 properly, but with a redirect response I would be an `AnonymousUser`
 immediately after.

 After two days of debugging and re-reading docs, I found that I missed out
 a fairly critical sentence: "Authentication backends implements two
 required methods". -- my authentication backend (of which I was replacing
 the default) - did not implement `get_user()` so we would use the default
 `BaseBackend.get_user()` which is to `return None`.

 To me, it wasn't quite obvious why the authentication system needs to
 implement get_user (as I'd want to just get the user by pk like any
 other) so this was a little bit of time wasting that I feel could be made
 a bit more obvious.

 Some ideas:
 * `BaseBackend` to implement a simple `get_user_model().objects.get(
 _meta.pk=pk)` - seeming this is the default for most cases (as far as I
 know?)
 * `BaseBackend` to raise `NotImplemented` to force implementors to define
 ''these two required methods'' as that is what is mentioned in the docs
 (https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#:~:text=implements%20two%20required%20methods)
     * anyone requiring the failthrough approach so that one can auth and
 get_user on different backends can just `pass` it
 * something else.


 Happy for some thoughts/feedback/pushback. This was just a pain point for
 me while developing.

 Perhaps it needs to be highlighted in the documentation?

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34032#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
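
The round trip the ticket describes, as an added example that is not part of the original ticket and not Django's own code: a simplified pure-Python model in which `login()` persists only the user's primary key and the backend, and every later request asks that backend's `get_user()` to reload the user. The classes, the `USERS` table and the token value are constructed stand-ins.

```python
USERS = {1: "alice"}  # constructed user table: pk -> username

class AnonymousUser:
    is_authenticated = False

class User:
    is_authenticated = True

    def __init__(self, pk):
        self.pk, self.username = pk, USERS[pk]

class BaseBackend:
    # Stand-in (not Django's class) with the defaults the ticket describes.
    def authenticate(self, request, **credentials):
        return None

    def get_user(self, user_id):
        return None  # inherited silently when a subclass forgets get_user()

class AuthOnlyBackend(BaseBackend):
    # Hypothetical sign-on backend that overrides authenticate() only.
    def authenticate(self, request, token=None):
        return User(1) if token == "t-1" else None  # constructed token

class CompleteBackend(AuthOnlyBackend):
    # Same backend with the second required method implemented.
    def get_user(self, user_id):
        return User(user_id) if user_id in USERS else None

def login(session, user, backend):
    # Only the primary key and the backend are stored, never the user object.
    session.update(user_id=user.pk, backend=backend)

def user_for_next_request(session):
    # Each later request asks the stored backend to reload the user by pk.
    backend = session.get("backend")
    user = backend.get_user(session["user_id"]) if backend else None
    return user or AnonymousUser()

def sign_in_then_redirect(backend, token):
    session = {}
    user = backend.authenticate(None, token=token)
    if user is not None:
        login(session, user, backend)
    return user_for_next_request(session)
```

With `AuthOnlyBackend`, `authenticate()` and `login()` both succeed, yet the request after the redirect resolves to `AnonymousUser`, which is the symptom reported above.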
