Could you elaborate on what use case you are trying to solve? On Friday, May 22, 2015 at 11:36:21 AM UTC-4, poiati wrote: > > Hello guys, > > I want to discuss the current login workflow in django. As it is we need > to call `authenticate` before `login` because we need to set the > authentication backend in the user model. We can use login without > authenticate if we set the backend attr manually, but this need some > implementation knowledge of how authentication backends works. > > *PROPOSAL* > > *django.contrib.auth.login* > Only set the backend in the http session if the user has the attr. > > request.session[SESSION_KEY] = user._meta.pk.value_to_string(user) > request.session[HASH_SESSION_KEY] = session_auth_hashif hasattr(user, > 'backend'): > request.session[BACKEND_SESSION_KEY] = user.backend > > > *django.contrib.auth.get_user* > > If the backend is not set iterate over all the backends in > `settings.AUTHENTICATION_BACKENDS` and return the first found. > > > I can think in two drawbacks of this implementation but as far as my > knowledge goes neither of them is a big deal. > > > - Performance, in the worst case we are trying all the backends this can take > some time depending on the backend provider. > > > - Two backends can share the same user identifier and thus we will be using > the first declared in the settings. > > > What do you guys think? > > > Thanks, > > Paulo Poiati. > > > > > > >
-- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/fbbd5579-a5e9-4370-8943-75204f334016%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
