Hello guys,

I want to discuss the current login workflow in Django. As it is, we need to
call `authenticate` before `login` because we need to set the
authentication backend in the user model. We can use login without
authenticate if we set the backend attr manually, but this needs some
implementation knowledge of how authentication backends work.
*PROPOSAL*
*django.contrib.auth.login*
Only set the backend in the http session if the user has the attr.
    request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
    request.session[HASH_SESSION_KEY] = session_auth_hash
    if hasattr(user, 'backend'):
        request.session[BACKEND_SESSION_KEY] = user.backend
*django.contrib.auth.get_user*
If the backend is not set, iterate over all the backends in
`settings.AUTHENTICATION_BACKENDS` and return the first found.

I can think of two drawbacks of this implementation, but as far as my
knowledge goes neither of them is a big deal.
- Performance: in the worst case we are trying all the backends, and this
can take some time depending on the backend provider.
- Two backends can share the same user identifier, and thus we will be
using the first declared in the settings.
What do you guys think?
Thanks,
Paulo Poiati.
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/CABqSV%3DLQUSa1Sv2V%2BYLibtvv7V32PxBB5%3DPP1-aOWuUa%2B14LAg%40mail.gmail.com.
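
Added example (not part of the original message and not Django's own code): a stand-alone model of the proposed `get_user` fallback, showing both drawbacks listed in the message. The `DictBackend` class, the backend names and the user data are constructed for illustration; only the two session key values match Django's.

```python
# Stand-alone model of the proposed fallback; no Django import needed.
SESSION_KEY = "_auth_user_id"
BACKEND_SESSION_KEY = "_auth_user_backend"


class DictBackend:
    """Hypothetical backend mapping primary keys to usernames (constructed data)."""

    def __init__(self, name, users):
        self.name, self.users, self.lookups = name, users, 0

    def get_user(self, user_id):
        self.lookups += 1  # in a real backend this may be a DB or network call
        return self.users.get(user_id)


def login(session, user_id, backend=None):
    """Proposed login(): record the backend only when one is known."""
    session[SESSION_KEY] = user_id
    if backend is not None:
        session[BACKEND_SESSION_KEY] = backend.name


def get_user(session, backends):
    """Proposed get_user(): with no recorded backend, try each one in order."""
    user_id = session.get(SESSION_KEY)
    if user_id is None:
        return None
    name = session.get(BACKEND_SESSION_KEY)
    if name is not None:
        candidates = [b for b in backends if b.name == name]  # pinned lookup
    else:
        candidates = backends  # fallback: first backend that knows the id wins
    for backend in candidates:
        user = backend.get_user(user_id)
        if user is not None:
            return backend.name, user
    return None


def demo():
    local = DictBackend("local", {1: "alice"})
    ldap = DictBackend("ldap", {1: "bob", 2: "carol"})
    backends = [local, ldap]  # order as declared in AUTHENTICATION_BACKENDS
    pinned, unpinned, worst = {}, {}, {}
    login(pinned, 1, backend=ldap)  # bob logs in, backend recorded
    login(unpinned, 1)              # bob logs in, backend omitted
    login(worst, 2)                 # carol exists only in the last backend
    results = [get_user(s, backends) for s in (pinned, unpinned, worst)]
    return results, local.lookups
```

With the backend omitted, the session created for "bob" in the second backend resolves to "alice" in the first, so the shared-identifier case changes which account the session belongs to, not just which backend answers.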