While working on a project that calls the `authenticate` function from contrib.auth directly, I noticed that the user_login_failed signal is sent from it but not user_logged_in.
I looked into the code and indeed, the user_logged_in signal is only sent from the higher-level `login` function. I would expect to be able to connect to either both signals or none. Since backends may call authenticate directly without going through login, perhaps it would be best to move the user_login_failed to `login` and let custom backends implement both signals manually if they need them.
What do you think?