[Django] #28207: Bug in contrib.auth.authenticate


Django

May 14, 2017, 6:21:39 PM
to django-...@googlegroups.com
#28207: Bug in contrib.auth.authenticate
-------------------------------------+-------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Management commands) | Version: 1.11
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Django 1.11 introduced the new `request` positional argument for the
`authenticate` method.

Unfortunately, it looks like the implementation has a bug. The credentials
parameter received by the function can be mutated to adapt the keyword
arguments when calling the backend:

https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L92

However, the variable isn't reset at the top of the loop (like `args` is)
so the following backend(s) will be processed as if `request` was in the
`**credentials` dictionary.

As a result both

https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L72
and
https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L77

will always fail with type errors, because the `request` argument is
passed in twice into them.

--
Ticket URL: <https://code.djangoproject.com/ticket/28207>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
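The failure mode reported above, as an added example that is not part of the original ticket and is not Django's code: a simplified model of a backend loop that mutates `credentials` without resetting it, next to a form that resets it for each backend. The names `KeywordRequestBackend`, `binds`, `reset_per_backend` and the sample users are assumptions made for illustration.

```python
import inspect

class KeywordRequestBackend:
    """Constructed backend: accepts `request` only as a trailing keyword."""
    def __init__(self, name, users):
        self.name, self.users = name, users

    def authenticate(self, username=None, password=None, request=None):
        return username if self.users.get(username) == password else None

def binds(func, *args, **kwargs):
    """True if func's signature accepts these arguments."""
    try:
        inspect.signature(func).bind(*args, **kwargs)
        return True
    except TypeError:
        return False

def authenticate(backends, request=None, reset_per_backend=True, **credentials):
    """Simplified model of the loop; returns (user, names of backends called)."""
    original, called = credentials, []
    for backend in backends:
        if reset_per_backend:
            credentials = dict(original)  # fresh kwargs for every backend
        args = (request,)
        if not binds(backend.authenticate, *args, **credentials):
            args = ()
            try:
                ok = binds(backend.authenticate, request=request, **credentials)
            except TypeError:
                ok = False  # `request` arrived twice: keyword plus leftover dict entry
            if not ok:
                continue  # backend treated as not accepting these credentials
            credentials["request"] = request  # the mutation described in the ticket
        called.append(backend.name)
        user = backend.authenticate(*args, **credentials)
        if user is not None:
            return user, called
    return None, called

# Constructed sample data: two backends, the user exists only in the second one.
BACKENDS = [KeywordRequestBackend("first", {"alice": "a-pw"}),
            KeywordRequestBackend("second", {"bob": "b-pw"})]

def demo(reset_per_backend):
    return authenticate(BACKENDS, request=object(), reset_per_backend=reset_per_backend,
                        username="bob", password="b-pw")

if __name__ == "__main__":
    print("without reset:", demo(False))
    print("with reset:   ", demo(True))
```

Without the reset, the second backend is never called, so valid credentials are rejected and no error is raised.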

Django

May 14, 2017, 6:27:28 PM
to django-...@googlegroups.com
#28207: Bug in contrib.auth.authenticate
-------------------------------------+-------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Management | Version: 1.11
commands) |
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Tamas Szabo):

Test that fails because of the bug described:

https://github.com/sztamas/django/commit/74cc4d6cce6d83d72392ba5b371e004746e59c66

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:1>

Django

May 14, 2017, 6:57:36 PM
to django-...@googlegroups.com
#28207: Bug in contrib.auth.authenticate
-------------------------------------+-------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Management | Version: 1.11
commands) |
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Tamas Szabo):

[https://github.com/django/django/pull/8505 PR] with extra unit test and
proposed fix.

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:2>

Django

May 15, 2017, 7:35:17 AM
to django-...@googlegroups.com
#28207: contrib.auth.authenticate() doesn't work correctly if multiple auth
backends don't accept a position request argument
---------------------------------+------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by Tim Graham):

* severity: Normal => Release blocker
* component: Core (Management commands) => contrib.auth
* has_patch: 0 => 1
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:3>

Django

May 15, 2017, 8:15:21 AM
to django-...@googlegroups.com
#28207: contrib.auth.authenticate() doesn't work correctly if multiple auth
backends don't accept a position request argument
---------------------------------+------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: new => closed
* resolution: => fixed


Comment:

In [changeset:"3008f30f194af386c354416be4c483f0f6b15f33" 3008f30f]:
{{{
#!CommitTicketReference repository=""
revision="3008f30f194af386c354416be4c483f0f6b15f33"
Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth
backends don't accept a request.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:4>

Django

May 15, 2017, 8:17:29 AM
to django-...@googlegroups.com
#28207: contrib.auth.authenticate() doesn't work correctly if multiple auth
backends don't accept a position request argument
---------------------------------+------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"d945b7e42a8d45cb13b1bd0420b420cf563482f1" d945b7e]:
{{{
#!CommitTicketReference repository=""
revision="d945b7e42a8d45cb13b1bd0420b420cf563482f1"
[1.11.x] Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple
auth backends don't accept a request.

Backport of 3008f30f194af386c354416be4c483f0f6b15f33 from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:5>

Django

May 22, 2017, 12:08:39 PM
to django-...@googlegroups.com
#28207: contrib.auth.authenticate() doesn't work correctly if multiple auth
backends don't accept a position request argument
---------------------------------+------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by Daniel Hahler):

This causes a `TypeError` with Social Auth's Django app.
See https://github.com/django/django/pull/8533.

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:6>

Django

May 22, 2017, 1:00:49 PM
to django-...@googlegroups.com
#28207: contrib.auth.authenticate() doesn't work correctly if multiple auth
backends don't accept a position request argument
---------------------------------+------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"a3ba2662cdaa36183fdfb8a26dfa157e26fca76a" a3ba2662]:
{{{
#!CommitTicketReference repository=""
revision="a3ba2662cdaa36183fdfb8a26dfa157e26fca76a"
Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the
credentials.

Regression in 3008f30f194af386c354416be4c483f0f6b15f33.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:7>

Django

May 22, 2017, 1:03:34 PM
to django-...@googlegroups.com
#28207: contrib.auth.authenticate() doesn't work correctly if multiple auth
backends don't accept a position request argument
---------------------------------+------------------------------------
Reporter: Tamas Szabo | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"a810f4aa04d205afba39903a141422cdbc945667" a810f4aa]:
{{{
#!CommitTicketReference repository=""
revision="a810f4aa04d205afba39903a141422cdbc945667"
[1.11.x] Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is
in the credentials.

Regression in 3008f30f194af386c354416be4c483f0f6b15f33.

Backport of a3ba2662cdaa36183fdfb8a26dfa157e26fca76a from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28207#comment:8>
