Apart from being slightly offended at you posting a Joel Spolski link to make a point, I'll address the actual issue at hand :P
These docs pretty clearly show authenticate happening before login. Both in examples and the actual docs. http://docs.djangoproject.com/en/dev/topics/auth/#how-to-log-a-user-in Notice in particular: """ Calling authenticate() first When you're manually logging a user in, you must call authenticate() before you call login(). authenticate() sets an attribute on the User noting which authentication backend successfully authenticated that user (see the backends documentation for details), and this information is needed later during the login process. """ The only time I could see this being a documentation issue is when someone is implementing their own authenticate function but this breaks the django convention if simply implementing a backend and adding it to the list of auth backends and letting authenticate() provide the actual authentication. So yep, unfortunately this is an issue for django-users. David On Fri, Sep 24, 2010 at 9:02 AM, Yo-Yo Ma <[email protected]> wrote: > It is a problem with Django. I thought it was a problem with the code > but it isn't. It's a problem with the documentation, or worse. An > function of an API that requires running of another function to alter > an object behind the scenes is an architectural problem that needs > fixing. See http://www.joelonsoftware.com/articles/LeakyAbstractions.html > - and furthermore, if the choice is made to leave problems like this > unfixed, they should be documented as so. The current documentation > here says, "It takes an HttpRequest object and a User object.". This > isn't true, as as simple User object will not suffice. It should say, > "It takes an HttpRequest object and a User object that has been run > through the function authenticate() first to alter the auth backends > that are attached as attributes to it.". > > This has very bad code smell, IMHO. > > On Sep 23, 3:47 pm, "David P. Novakovic" <[email protected]> > wrote: >> This probably should have been posted to django-users anyway. >> >> Chances are, getting a stacktrace like this one or the last error you >> posted are actually problems with your code and not django itself. >> >> Unless you can show that it is actually a problem with django and not >> the way you are using it, it'd be better addressed on django-users >> first. >> >> David >> >> On Fri, Sep 24, 2010 at 5:41 AM, Jacob Kaplan-Moss <[email protected]> >> wrote: >> > On Thu, Sep 23, 2010 at 2:18 PM, Yo-Yo Ma <[email protected]> wrote: >> >> Hey Jacob, understood. Here's some more details that might help: >> > [snip] >> >> if user.check_password(request.POST.get('password', >> >> '')): >> >> login(request, user) >> >> > As Santiago mentioned, you need to call authenticate() before calling >> > login(). >> > Seehttp://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth... >> > for details. >> >> > Jacob >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Django developers" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]. >> > For more options, visit this group >> > athttp://groups.google.com/group/django-developers?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
