On Sat, May 23, 2015 at 3:38 PM Carl Meyer <[email protected]> wrote: > On 05/23/2015 11:37 AM, Marc Tamlyn wrote: > > If the backend is inferred by a single value in the settings and not > > stored alongside the user ID, what would happen to existing users > > who are already logged in when a second backend is added to the > > settings and deployed? Django would no longer know which backend to > > use to fetch the authenticated user? > > > > > > I believe the intention would be to store the single backend against the > > user ID on login, so this would be safe for sessions loaded after a > > second backend is added. Obviously code using this convention would need > > to be updated when more than one backend is used. > > > > I think this would be a good plan, I reckon that most sites use only one > > auth backend anyway. > > Right. I think we always need to store the backend in the session; I'm > OK with the backend to store being chosen automatically for sites with > only a single backend configured (at the moment when the user is logged > in). > > So the proposed logic for the login() function would look something like: > > 1) Use the value of the `backend` argument, if provided. > 2) Use the value of the `user.backend` annotation, if present. > 3) Use the only configured backend, if there is only one. > 4) Raise ValueError("You have multiple authentication backends > configured; you must provide the `backend` argument to `login`.") > > (I don't think the error would even need to mention the annotation > option; if you're using authenticate+login you'd never hit the error > anyway, and if you're not then the new `backend` arg is the preferred > API we should advertise.) > > Carl > > This looks perfect to me Carl. I will create a ticket in the tacker and work on it.
Tks all you guys for the feedback and suggestions. > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/5560C91C.3080007%40oddbird.net > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CABqSV%3DJpXGOD5rdpa3mnaDg167CQkM8awSYYbeVRP54cNeMgjg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
