[Django] #23847: Minor Problem with Auth Documentation


Django

Nov 16, 2014, 3:52:15 AM
to django-...@googlegroups.com
#23847: Minor Problem with Auth Documentation
-------------------------------+--------------------
Reporter: xmnr | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Hello,

In the Django documentation about the authentication system, there are
several snippets of code which may mislead the uninitiated.

https://docs.djangoproject.com/en/1.7/topics/auth/default/#auth-web-requests

For instance:

    def email_check(user):
        return '@example.com' in user.email

This is later used by user_passes_test() to authorize a user.

This is a very clear example, but if put into production it would be a
security liability because it doesn't prevent a user from registering with
the email "hac...@example.com.evil.net", or with the upcoming
"hac...@example.computer". I think most developers are wiser than that,
but a novice may not be.

I think this should be emended with the use of
user.email.endswith("@example.com")

--
Ticket URL: <https://code.djangoproject.com/ticket/23847>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
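
The difference between the documented check and the proposed one, as an added example that is not part of the original ticket or of Django's documentation. It goes slightly beyond the ticket by also showing a stricter exact-domain comparison; `User`, `email_check_domain`, `evaluate` and the sample addresses are constructed for illustration.

```python
from collections import namedtuple

# Minimal stand-in for a Django user; only the .email attribute matters here.
User = namedtuple("User", "email")


def email_check_substring(user):
    """The check as quoted in the ticket: substring match anywhere."""
    return '@example.com' in user.email


def email_check_suffix(user):
    """The change proposed in the ticket: anchor the match at the end."""
    return user.email.endswith('@example.com')


def email_check_domain(user, allowed=frozenset({'example.com'})):
    """Hypothetical stricter variant: compare the parsed domain exactly.

    Splits on the last '@' and lowercases the domain, since domain names
    are case-insensitive.
    """
    local, sep, domain = user.email.rpartition('@')
    return bool(local and sep) and domain.lower() in allowed


# Constructed sample addresses.
SAMPLES = [
    'alice@example.com',
    'mallory@example.com.evil.net',
    'mallory@example.computer',
    'bob@EXAMPLE.COM',
    '@example.com',
]


def evaluate(samples=SAMPLES):
    """Return {address: (substring, suffix, domain)} for each sample."""
    checks = (email_check_substring, email_check_suffix, email_check_domain)
    return {addr: tuple(c(User(addr)) for c in checks) for addr in samples}


if __name__ == '__main__':
    for addr, results in evaluate().items():
        print(f'{addr:32} substring={results[0]} suffix={results[1]} domain={results[2]}')
```

The suffix check rejects both look-alike domains from the ticket; the exact-domain variant additionally accepts an upper-case domain and rejects an address with an empty local part.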

Django

Nov 16, 2014, 4:21:47 AM
to django-...@googlegroups.com
#23847: Minor Problem with Auth Documentation
--------------------------------------+------------------------------------
Reporter: xmnr | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.7
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by erikr):

* needs_docs: => 1
* needs_better_patch: => 0
* type: Uncategorized => Cleanup/optimization
* needs_tests: => 0
* stage: Unreviewed => Accepted


Comment:

Makes sense to me. Our documentation should always give the best possible
example. Could you make a pull request with all the example changes you
think we should make?

--
Ticket URL: <https://code.djangoproject.com/ticket/23847#comment:1>

Django

Nov 26, 2014, 9:19:48 PM
to django-...@googlegroups.com
#23847: Minor Problem with Auth Documentation
-------------------------------------+-------------------------------------
Reporter: xmnr | Owner: berkerpeksag
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.7
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by berkerpeksag):

* owner: nobody => berkerpeksag
* needs_docs: 1 => 0
* has_patch: 0 => 1
* status: new => assigned


Comment:

https://github.com/django/django/pull/3629

--
Ticket URL: <https://code.djangoproject.com/ticket/23847#comment:2>

Django

Nov 27, 2014, 5:57:39 AM
to django-...@googlegroups.com
#23847: Minor Problem with Auth Documentation
-------------------------------------+-------------------------------------
Reporter: xmnr | Owner: berkerpeksag
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Erik Romijn <eromijn@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"87bd13617c57a806deb550e3af1c06ce00517a9c"]:
{{{
#!CommitTicketReference repository=""
revision="87bd13617c57a806deb550e3af1c06ce00517a9c"
Fixed #23847 -- Improved the email_check example in the auth
documentation.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/23847#comment:3>

Django

Nov 27, 2014, 5:58:22 AM
to django-...@googlegroups.com
#23847: Minor Problem with Auth Documentation
-------------------------------------+-------------------------------------
Reporter: xmnr | Owner: berkerpeksag
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Erik Romijn <eromijn@…>):

In [changeset:"8819f6f7c9ffb78a13ed3e19803d89b6637358c6"]:
{{{
#!CommitTicketReference repository=""
revision="8819f6f7c9ffb78a13ed3e19803d89b6637358c6"
[1.7.x] Fixed #23847 -- Improved the email_check example in the auth
documentation.

Backport of 87bd13617c57a806deb550e3af1c06ce00517a9c from master.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/23847#comment:4>
