[Django] #35530: `django.contrib.auth.login` inconsistently guards `request.user`

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
------------------------------------------------+------------------------
Reporter: Jaap Roes | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.auth | Version: dev
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
In
https://github.com/django/django/blob/a0c44d4e23f8f509757f97f28fbbb1ced3382361/django/contrib/auth/__init__.py#L102-L152
`request.user` is accessed twice.

The first time here:

https://github.com/django/django/blob/a0c44d4e23f8f509757f97f28fbbb1ced3382361/django/contrib/auth/__init__.py#L109-L110

The second time here:

https://github.com/django/django/blob/a0c44d4e23f8f509757f97f28fbbb1ced3382361/django/contrib/auth/__init__.py#L149-L150

The first time there is no `hasattr` guard to verify if the `request`
object has a `user` attribute. The second time there is.

Is the `hasattr` check in the second case redundant? Or should the first
case be guarded as well?
--
Ticket URL: <https://code.djangoproject.com/ticket/35530>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`

-------------------------------------+-------------------------------------

Reporter: Jaap Roes | Owner: nobody

Type: | Status: new
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Comment (by Jaap Roes):

In addition; the first check seems to operate on the assumption that if
`user` is `None` then `request.user` **must** be a valid user. If
`request.user` is `None` or `AnonymousUser` the code after it will fail.
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:1>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody

Type: | Status: closed

Cleanup/optimization |
Component: contrib.auth | Version: dev

Severity: Normal | Resolution: invalid

Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Natalia Bidart):

* resolution: => invalid
* status: new => closed

Comment:

Hello! Thank you for taking the time to create this ticket. I can see how
the code seems confusing, and I don't have an answer for you without
getting deep into the code. I would recommend the following if you are
interested in answering the questions you are proposing:

1. change the code and run the Django tests, see what fails, that could
provide answers about the use cases
2. ask in any of the user support channels listed in
[https://docs.djangoproject.com/en/dev/faq/help/#how-do-i-do-x-why-
doesn-t-y-work-where-can-i-go-to-get-help this link].

Following the
[https://docs.djangoproject.com/en/dev/internals/contributing/triaging-
tickets/#closing-tickets ticket triaging process], I'd need to close this
ticket as `invalid` because is not clear that this is an issue in Django.
If you can provide a small Django project or a failing test case showing
how the code triggers an error or has a bug, I'll be happy to re-open.

Thank you!
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:2>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Jaap Roes):

Thanks. The reason I filed this issue is because I tasked myself with
describing how Django's authentication and login flow works. This bit
stuck out as particularly confusing and basically unexplainable. I haven't
been able to come up with a rational use case where passing in `None` for
the `user` argument will make `login` behave in a way that I would expect.

I removed the confusing bit:

{{{
if user is None:
user = request.user
}}}

then ran the tests again.

The only test that breaks is
[https://github.com/django/django/blob/20c2d625d3d5062e43918d1d7b6f623202491dd4/tests/async/test_async_auth.py#L36-L43
async def test_alogin_without_user(self):], which is a test for the async
wrapper of this function.

Based on this test I have created another testcase that shows the issue
when `request.user` is `AnonymousUser` (which is common when
`AuthenticationMiddleware` is used).

{{{
async def test_alogin_without_user_anonymous_request(self):
request = HttpRequest()
request.user = AnonymousUser()
request.session = await self.client.asession()
await alogin(request, None)
user = await aget_user(request)
self.assertIsInstance(user, User)
self.assertEqual(user.username, self.test_user.username)
}}}

This will fail with an `AttributeError: 'AnonymousUser' object has no
attribute '_meta'`.

Another way this function will fail is when `request.user` is absent (i.e.
`AuthenticationMiddleware` is not in use):

{{{
async def test_alogin_without_user_or_request_user(self):
request = HttpRequest()
request.session = await self.client.asession()
await alogin(request, None)
user = await aget_user(request)
self.assertIsInstance(user, User)
self.assertEqual(user.username, self.test_user.username)
}}}

This will fail with an `AttributeError: 'HttpRequest' object has no
attribute 'user'`.

Setting `request.user = None` and passing in `user=None` will do the same
thing as just removing the `if user is None` test and fail with
`AttributeError: 'NoneType' object has no attribute '_meta'`.

There seems no real reason for this behaviour to exists. The only thing
touching this code in the Django code base is a recently added test for
the async wrapper. The code branch only works in very specific
circumstances, and does not fail gracefully if these circumstances are not
met.

Not sure if this is enough background to make you open this ticket again?
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:3>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Jaap Roes):

Just to be clear, these tests I provided are not supposed to pass. They're
just examples of reasonable scenarios that break as soon as the `user`
argument to `login` is `None`.

Calling `login` with `None` just doesn't make sense in my opinion. The
function signature also doesn't imply that the user is optional, or
allowed to be `None` in the first place.
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:4>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody

Type: | Status: new

Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jaap Roes):

* has_patch: 0 => 1
* resolution: invalid =>
* status: closed => new

Comment:

I've decided to deprecate the `request.user` fallback path (see linked
PR). If anyone depends on this behaviour it should be possible to migrate
to a pattern where login is called with a user, instead of setting it on
the request and calling login without one.
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:5>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody

Type: | Status: closed

Cleanup/optimization |
Component: contrib.auth | Version: dev

Severity: Normal | Resolution: needsinfo

Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* cc: Jacob (added)
* resolution: => needsinfo

* status: new => closed

Comment:

I agree that, looking at the docs for
[https://docs.djangoproject.com/en/5.0/topics/auth/default/#django.contrib.auth.login
login], this `user=None` shouldn't be accepted, and in the example code,
there is a guard after `authenticate` (which can return None for user).
This is a good sign that we might be able to remove this.

However, this code was added a long time ago
aab3a418ac9293bb4abd7670f65d930cb0426d58 (roughly 18 years old)
It is likely **someone** is using this. This should roughly "work" for
example

{{{#!python

@login_required
def change_account(request):
# This view is when some user has access to multiple accounts.
username = request.POST["username"]
password = request.POST["password"]
user = authenticate(request, username=username, password=password)
login(request, user)
if user is not None:
# Redirect to a success page.
...
else:
# Return an 'invalid login' error message
# but I am still logged in as the original user.
...
}}}

I would love to hear some opinions of people who have written custom
authentication backends (maybe the maintainer of django-allauth) or others
who might remember some of the history of this before we precede here as I
think the value gained here (removing ~2 lines) is very small.

Can you discuss this on the [https://forum.djangoproject.com/c/internals/5
Django Forum]? Check if the community is in agreement to do this?
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:6>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Jaap Roes):

Thanks, I'll look into making a post on the forum.

Note that in the PR I've only deprecated the current "happy path". That
should shake out any project that's relying on it. The way to mitigate any
fallout is adding a guard before the call to login, so the inconvenience
seems minor.

Regarding the value gained. The current login function in Django has a
code path that, as far we can tell, doesn't need to be there for any true
valid reason. This is a security critical function, and I'd feel a lot
better if it didn't have unexplained behaviour.
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:7>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Jaap Roes):

Made a post in the forum, but that has not gained any feedback.

The patch I proposed only deprecates this path, so that should give people
relying on this behaviour ample time to fix their code (I doubt there are
any).
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:8>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`

--------------------------------------+------------------------------------

Reporter: Jaap Roes | Owner: nobody

Type: Cleanup/optimization | Status: new

Component: contrib.auth | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

--------------------------------------+------------------------------------
Changes (by Natalia Bidart):

* resolution: needsinfo =>
* stage: Unreviewed => Accepted

* status: closed => new

Comment:

Hello Jaap, I have re-reviewed your proposal and I think it makes sense. I
will accept this ticket and provide a review for your PR.

Can you please paste here the link to the forum conversation?
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:9>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`

-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |

Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):

* owner: nobody => Jaap Roes
* status: new => assigned

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:10>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):

* needs_better_patch: 0 => 1
* needs_docs: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:11>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Jacob Walls):

[https://forum.djangoproject.com/t/what-should-django-contrib-auth-login-
request-none-do/32525 Forum post]
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:12>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jaap Roes):

* needs_better_patch: 1 => 0
* needs_docs: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:13>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:14>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jaap Roes):

* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:15>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:16>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jaap Roes):

* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:17>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage: Ready for
| checkin

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* stage: Accepted => Ready for checkin

--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:18>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes

Type: | Status: closed

Cleanup/optimization |
Component: contrib.auth | Version: dev

Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce <42296566+sarahboyce@…>):

* resolution: => fixed
* status: assigned => closed

Comment:

In [changeset:"ceecd518b19044181a3598c55ebed7c2545963cc" ceecd518]:
{{{#!CommitTicketReference repository=""
revision="ceecd518b19044181a3598c55ebed7c2545963cc"
Fixed #35530 -- Deprecated request.user fallback in auth.login and
auth.alogin.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:20>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes

Type: | Status: assigned

Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Sarah Boyce <42296566+sarahboyce@…>):

In [changeset:"28b9b8d6d900feea731d0724b996959a73ff33b5" 28b9b8d]:
{{{#!CommitTicketReference repository=""
revision="28b9b8d6d900feea731d0724b996959a73ff33b5"
Refs #35530 -- Added basic test cases for auth.login.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:19>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes

Type: | Status: closed

Cleanup/optimization |
Component: contrib.auth | Version: dev

Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sarah Boyce <42296566+sarahboyce@…>):

In [changeset:"b3166e1e15824aedb7a609dfda18ef36ea023d06" b3166e1e]:
{{{#!CommitTicketReference repository=""
revision="b3166e1e15824aedb7a609dfda18ef36ea023d06"
Refs #35530 -- Corrected deprecation message in auth.alogin().

Follow up to ceecd518b19044181a3598c55ebed7c2545963cc.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:21>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sarah Boyce <42296566+sarahboyce@…>):

In [changeset:"9c9ed6fd7a8399113a18b979c8cd6f04cfbfa30b" 9c9ed6fd]:
{{{#!CommitTicketReference repository=""
revision="9c9ed6fd7a8399113a18b979c8cd6f04cfbfa30b"
[5.2.x] Refs #35530 -- Corrected deprecation message in auth.alogin().

Follow up to ceecd518b19044181a3598c55ebed7c2545963cc.

Backport of b3166e1e15824aedb7a609dfda18ef36ea023d06 from main.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:22>

[Django]

#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: Jaap Roes
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by nessita <124304+nessita@…>):

In [changeset:"32e266dc5b756b52e6db4f4f453f51274aa9234e" 32e266dc]:
{{{#!CommitTicketReference repository=""
revision="32e266dc5b756b52e6db4f4f453f51274aa9234e"
Refs #35530 -- Removed request.user or auser() fallback in auth.login and
auth.alogin.

Per deprecation timeline.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:23>