To take something constructive from this.. perhaps backend could be a property that raises a more meaningful exception when it is called the wrong way?
I'm not particularly for or against the idea.. but I know raising more meaningful exceptions is an issue that has received some attention previously. Thoughts anyone? On Fri, Sep 24, 2010 at 9:32 AM, David P. Novakovic <[email protected]> wrote: > Apart from being slightly offended at you posting a Joel Spolski link > to make a point, I'll address the actual issue at hand :P > > These docs pretty clearly show authenticate happening before login. > Both in examples and the actual docs. > > http://docs.djangoproject.com/en/dev/topics/auth/#how-to-log-a-user-in > > Notice in particular: > > """ > Calling authenticate() first > > When you're manually logging a user in, you must call authenticate() > before you call login(). authenticate() sets an attribute on the User > noting which authentication backend successfully authenticated that > user (see the backends documentation for details), and this > information is needed later during the login process. > """ > > The only time I could see this being a documentation issue is when > someone is implementing their own authenticate function but this > breaks the django convention if simply implementing a backend and > adding it to the list of auth backends and letting authenticate() > provide the actual authentication. > > So yep, unfortunately this is an issue for django-users. > > David > > > > On Fri, Sep 24, 2010 at 9:02 AM, Yo-Yo Ma <[email protected]> wrote: >> It is a problem with Django. I thought it was a problem with the code >> but it isn't. It's a problem with the documentation, or worse. An >> function of an API that requires running of another function to alter >> an object behind the scenes is an architectural problem that needs >> fixing. See http://www.joelonsoftware.com/articles/LeakyAbstractions.html >> - and furthermore, if the choice is made to leave problems like this >> unfixed, they should be documented as so. The current documentation >> here says, "It takes an HttpRequest object and a User object.". This >> isn't true, as as simple User object will not suffice. It should say, >> "It takes an HttpRequest object and a User object that has been run >> through the function authenticate() first to alter the auth backends >> that are attached as attributes to it.". >> >> This has very bad code smell, IMHO. >> >> On Sep 23, 3:47 pm, "David P. Novakovic" <[email protected]> >> wrote: >>> This probably should have been posted to django-users anyway. >>> >>> Chances are, getting a stacktrace like this one or the last error you >>> posted are actually problems with your code and not django itself. >>> >>> Unless you can show that it is actually a problem with django and not >>> the way you are using it, it'd be better addressed on django-users >>> first. >>> >>> David >>> >>> On Fri, Sep 24, 2010 at 5:41 AM, Jacob Kaplan-Moss <[email protected]> >>> wrote: >>> > On Thu, Sep 23, 2010 at 2:18 PM, Yo-Yo Ma <[email protected]> >>> > wrote: >>> >> Hey Jacob, understood. Here's some more details that might help: >>> > [snip] >>> >> if user.check_password(request.POST.get('password', >>> >> '')): >>> >> login(request, user) >>> >>> > As Santiago mentioned, you need to call authenticate() before calling >>> > login(). >>> > Seehttp://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth... >>> > for details. >>> >>> > Jacob >>> >>> > -- >>> > You received this message because you are subscribed to the Google Groups >>> > "Django developers" group. >>> > To post to this group, send email to [email protected]. >>> > To unsubscribe from this group, send email to >>> > [email protected]. >>> > For more options, visit this group >>> > athttp://groups.google.com/group/django-developers?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/django-developers?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
