One advantage of authenticate() is that it isn't coupled to a request and is roughly stateless. Maybe an authenticate_and_login() would be nice. :)
On Friday, May 22, 2015 at 12:21:15 PM UTC-4, James Brewer wrote:
>
> Hey Paulo,
>
> As you mentioned, the raw password should still be present in the form,
> along with the username. You can use these as parameters for
> `authenticate()`.
>
> More to your original point, I would be interested in knowing why
> `authenticate()` and `login()` are separate methods. There is no
> information on this in the docs (that I could find). Is there a use case
> where you want to authenticate a user without logging them in?
>
> On Fri, May 22, 2015 at 8:57 AM, Paulo Gabriel Poiati <[email protected]> wrote:
>
>> Maybe this is not the perfect example because we have the plain password
>> in the form. Another one is if a backoffice user can log in as any user of
>> the system.
>>
>> On Fri, May 22, 2015 at 12:53 PM Paulo Gabriel Poiati <[email protected]> wrote:
>>
>>> Of course Tim,
>>>
>>> One instance is if you need to log in the user after registration:
>>>
>>>     class RegistrationView(CreateView):
>>>         ...
>>>         def form_valid(self, form):
>>>             user = form.save()
>>>             login(self.request, user)
>>>             # redirect
>>>
>>> I don't have the user password because it's a one-way hash and thus I
>>> can't call `authenticate`. The only solution I can think of is hacking the
>>> auth system (setting the backend manually in the user model).
>>>
>>> On Fri, May 22, 2015 at 12:44 PM Tim Graham <[email protected]> wrote:
>>>
>>>> Could you elaborate on what use case you are trying to solve?
>>>>
>>>> On Friday, May 22, 2015 at 11:36:21 AM UTC-4, poiati wrote:
>>>>>
>>>>> Hello guys,
>>>>>
>>>>> I want to discuss the current login workflow in Django. As it is, we
>>>>> need to call `authenticate` before `login` because we need to set the
>>>>> authentication backend in the user model. We can use login without
>>>>> authenticate if we set the backend attr manually, but this needs some
>>>>> implementation knowledge of how authentication backends work.
>>>>>
>>>>> *PROPOSAL*
>>>>>
>>>>> *django.contrib.auth.login*
>>>>> Only set the backend in the http session if the user has the attr.
>>>>>
>>>>>     request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
>>>>>     request.session[HASH_SESSION_KEY] = session_auth_hash
>>>>>     if hasattr(user, 'backend'):
>>>>>         request.session[BACKEND_SESSION_KEY] = user.backend
>>>>>
>>>>> *django.contrib.auth.get_user*
>>>>>
>>>>> If the backend is not set, iterate over all the backends in
>>>>> `settings.AUTHENTICATION_BACKENDS` and return the first found.
>>>>>
>>>>> I can think of two drawbacks of this implementation, but as far as my
>>>>> knowledge goes neither of them is a big deal.
>>>>>
>>>>> - Performance: in the worst case we are trying all the backends; this can
>>>>>   take some time depending on the backend provider.
>>>>>
>>>>> - Two backends can share the same user identifier and thus we will be
>>>>>   using the first declared in the settings.
>>>>>
>>>>> What do you guys think?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Paulo Poiati.
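
Added example, not part of the thread and not Django's code: a small pure-Python model of the proposed `login()`/`get_user()` change, showing the second drawback named in the proposal (two backends sharing a user identifier) turning into a session that resolves to a different account. The `Backend` class, the function names and the user data are constructed for illustration.

```python
# Minimal model of the session logic discussed in the thread; NOT Django's code.
# Backend, login, get_user_pinned and get_user_fallback are hypothetical names.
SESSION_KEY, BACKEND_SESSION_KEY = "_auth_user_id", "_auth_user_backend"

class Backend:
    def __init__(self, name, users):
        self.name, self.users = name, users   # users: {pk: username}
    def get_user(self, pk):
        return self.users.get(pk)

# Constructed data: two user stores that both issue primary key "1".
LOCAL = Backend("local", {"1": "admin", "2": "alice"})
LDAP = Backend("ldap", {"1": "contractor-bob"})
AUTHENTICATION_BACKENDS = [LOCAL, LDAP]       # order as declared in settings

def login(session, pk, backend=None):
    """Proposed login(): store the backend only when it is known."""
    session[SESSION_KEY] = pk
    if backend is not None:
        session[BACKEND_SESSION_KEY] = backend.name

def get_user_pinned(session):
    """Resolve the user only through the backend recorded at login."""
    name = session.get(BACKEND_SESSION_KEY)
    for b in AUTHENTICATION_BACKENDS:
        if b.name == name:
            return b.get_user(session[SESSION_KEY])
    return None                               # no recorded backend: anonymous

def get_user_fallback(session):
    """Proposed get_user(): pinned if recorded, else first backend that knows the pk."""
    if BACKEND_SESSION_KEY in session:
        return get_user_pinned(session)
    for b in AUTHENTICATION_BACKENDS:
        user = b.get_user(session[SESSION_KEY])
        if user is not None:
            return user
    return None

def demo():
    pinned, unpinned = {}, {}
    login(pinned, "1", backend=LDAP)          # backend attached by authenticate()
    login(unpinned, "1")                      # login() without authenticate()
    return (get_user_fallback(pinned),
            get_user_fallback(unpinned),
            get_user_pinned(unpinned))

if __name__ == "__main__":
    print(demo())
```

With the backend recorded, the LDAP user's session stays bound to the LDAP account; without it, the fallback lookup hands the same session the local account that happens to share the key, while the pinned lookup fails closed.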
