[Django] #23896: set_password
Django
------------------------------+--------------------
Reporter: adontz | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
Recently I've implemented LDAP auth backend by myself and was confused by
not being able to add change_password/set_password functionality without
adding custom User model. Actually I think it is very common to delegate
password validation to some external service, like LDAP, SMTP, HTTP, etc.
while keeping User model as is. Also, providing custom user model will
force all applications to reference settings.AUTH_USER_MODEL which is
definitely correct, but forcing to do even correct thing does not look
nice for me.
So, the thing I want to discuss is support of some special methods on auth
backends like
{{{#!python
""" user is for User model instance here, not username string """
def set_password(user, new_password):
pass
""" user is for User model instance here, not username string """
def change_password(user, old_password, new_password):
pass
}}}
User model to call auth backend methods if defined.
So do I miss anything? Is my proposal correct?
--
Ticket URL: <https://code.djangoproject.com/ticket/23896>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
------------------------------+--------------------------------------
Reporter: adontz | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: 1.7
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by adontz):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/23896#comment:1>
Django
------------------------------+--------------------------------------
Type: New feature | Status: new
Component: contrib.auth | Version: 1.7
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Description changed by adontz:
Old description:
> Recently I've implemented LDAP auth backend by myself and was confused by
> not being able to add change_password/set_password functionality without
> adding custom User model. Actually I think it is very common to delegate
> password validation to some external service, like LDAP, SMTP, HTTP, etc.
> while keeping User model as is. Also, providing custom user model will
> force all applications to reference settings.AUTH_USER_MODEL which is
> definitely correct, but forcing to do even correct thing does not look
> nice for me.
>
> So, the thing I want to discuss is support of some special methods on
> auth backends like
>
> {{{#!python
> """ user is for User model instance here, not username string """
> def set_password(user, new_password):
> pass
>
> """ user is for User model instance here, not username string """
> def change_password(user, old_password, new_password):
> pass
> }}}
>
> User model to call auth backend methods if defined.
>
> So do I miss anything? Is my proposal correct?
New description:
Recently I've implemented LDAP auth backend by myself and was confused by
not being able to add change_password/set_password functionality without
adding custom User model. Actually I think it is very common to delegate
password validation to some external service, like LDAP, SMTP, HTTP, etc.
while keeping User model as is. Also, providing custom user model will
force all applications to reference settings.AUTH_USER_MODEL which is
definitely correct, but forcing to do even correct thing does not look
nice for me.
So, the thing I want to discuss is support of some special methods on auth
backends like
{{{#!python
""" user is for User model instance previously returned by this backend's
authenticate method """
def set_password(self, user, new_password):
pass
""" user is for User model instance previously returned by this backend's
authenticate method """
def change_password(self, user, old_password, new_password):
pass
}}}
User model to call auth backend methods if defined.
So do I miss anything? Is my proposal correct?
--
--
Ticket URL: <https://code.djangoproject.com/ticket/23896#comment:2>
Django
------------------------------+--------------------------------------
Type: New feature | Status: closed
Component: contrib.auth | Version: 1.7
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* status: new => closed
* resolution: => wontfix
Comment:
When logging in, we iterate through `settings.AUTHENTICATION_BACKENDS`
until we find one that successfully authenticates a user. It's not so
clear how a similar scheme for changing passwords might work. Changing the
API for `User.set_password()` to delegate to the auth backend seems
complicated and I believe there are [https://pythonhosted.org/django-auth-
ldap/users.html other LDAP backends] that are working without this change.
You might try looking at their code to see if they handle this issue in
any way. Any API proposal like this needs to be discussed on the
DevelopersMailingList first, so please try there if you still think this
is a good idea.
--
Ticket URL: <https://code.djangoproject.com/ticket/23896#comment:3>