#22771: TestCase.client.logout fails when using custom authentication backend 
not
based on AUTH_USER_MODEL
---------------------------------+-----------------------------------------
     Reporter:  xafer            |      Owner:  nobody
         Type:  Uncategorized    |     Status:  new
    Component:  Testing          |    Version:  1.6
  framework                      |   Keywords:  logout test AUTH_USER_MODEL
     Severity:  Normal           |  Has patch:  0
 Triage Stage:  Unreviewed       |      UI/UX:  0
Easy pickings:  0                |
---------------------------------+-----------------------------------------
 Hello !

 I'm not sure if it's a bug or a new feature:

 TestCase.client.login calls django.contrib.auth.login(request, user)
 which stores the user id and its backend in the request's session:
     request.session[SESSION_KEY] = user.pk
     request.session[BACKEND_SESSION_KEY] = user.backend

 But in TestCase.client.logout calls, Django tries to get the authenticated
 user with:
     uid = self.session.get(SESSION_KEY)
     request.user = UserModel._default_manager.get(pk=uid)

 assuming user is a AUTH_USER_MODEL and without checking its
 BACKEND_SESSION_KEY...

 It would seem cleaner to actually rly on django.contrib.auth.get_user to
 find the correct user (whatever its type) and allow the concurrent use of
 multiple user models (typically user model and customer model...).

 See https://github.com/xavfernandez/django_test_client_bugreport for a
 failing example.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/22771>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/048.1d8b674ce5a5108061db4ec140cb97c8%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to