Hi Unai, On 05/25/2015 10:52 AM, Unai Zalakain wrote: >> We can't default the `backend` argument to anything but a sentinel >> value, because if it's supplied, it should take priority, but if it's >> not supplied we need to maintain backwards compatibility with existing >> behavior, where the `user.backend` annotation is used. > > So, to sum app, the behaviour would be: > > - If the backend argument is not the sentinel, use that backend. > - Else, if `user.backend` is present, use that backend. > - Else, use Django's default auth backend.
...unless Django's default auth backend is not in AUTHENTICATION_BACKENDS, in which case raise an error? > I think it's somewhat important to be explicit about the backend we want > to use if that backend is not Django's default one. By defaulting to the > backend defined in settings if there is only one present we are > introducing a bit more of magic. I don't agree that the default auth backend deserves special treatment. If a project is using an AUTHENTICATION_BACKENDS with only the default backend in it, and then at some point they need to make some small tweak (case-insensitive lookups, perhaps), so they subclass it and now have an AUTHENTICATION_BACKENDS setting that still has only one backend, basically the same as before but now a subclass of it, I don't think this should mean that now they suddenly have to explicitly specify it in a call to `login()` whereas before they didn't. I think special handling for the default backend is _more_ magical and unexpected than special handling of length-one AUTHENTICATION_BACKENDS. I'm open to the argument that we should always require explicit selection of backend (no default in case of only one backend defined). This trades some convenience in the common case for more explicit behavior. I have no strong feeling either way there. But I'm opposed to special treatment for the default backend. Carl -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/5563591E.9010406%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
