Re: [Django] #34032: Base authentication Backend should raise NotImplemented on needed methods

[Django]

#34032: Base authentication Backend should raise NotImplemented on needed 
methods
-------------------------------------+-------------------------------------
     Reporter:  Dre Westcook         |                    Owner:
         Type:                       |  piyushdivyankar1994
  Cleanup/optimization               |                   Status:  closed
    Component:  contrib.auth         |                  Version:  4.0
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:  authentication       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Dre Westcook):

 Replying to [comment:6 Mariusz Felisiak]:
 > Thanks for the ticket, however `BaseBackend` methods return `None` as
 it's the proper value for invalid credentials, see
 
[https://docs.djangoproject.com/en/stable/ref/contrib/auth/#django.contrib.auth.backends.BaseBackend
 docs]:
 >
 > > ''"A base class that provides default implementations for all required
 methods. By default, it will reject any user and provide no
 permissions."''
 >
 > Unfortunately, both your propositions are backward incompatible and
 against the current docs. Hope it makes sense.

 Hey thanks for the response. I wanted to have more of a discussion, I
 wasn't ready to put it in code or even if that was the solution.

 my point is the docs seem very unclear, and **rely on 3 small words**''.

 Here's some better suggestions, to improve documentation rather than
 changing code:

 * in the docs that you link: `BaseBackend` should mention explicitly that
 `authenticate()` and `get_user()` return none, in the same "list" style as
 `get_user_permissions()` and `get_group_permissions` is described.
 
https://docs.djangoproject.com/en/4.1/ref/contrib/auth/#django.contrib.auth.backends.BaseBackend
 * in the **Writing an authentication backend** , the code example should
 include the `get_user` definition.
 [https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#writing-
 an-authentication-backend].

 The point is that the only time it's mentioned that a backend needs to
 implement both methods is in that first sentence. Every other code example
 and explanation does not indicate that both are needed.

 Hope that makes sense.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34032#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/010701836cb5aa84-97a8933f-e655-4038-b739-349aaaafb902-000000%40eu-central-1.amazonses.com.