[Django] #34408: Authorization in Custom Authentication Backend does not work

Sat, 11 Mar 2023 10:40:28 -0800 

#34408: Authorization in Custom Authentication Backend does not work
-------------------------------------+-------------------------------------
               Reporter:             |          Owner:  nobody
  vivekthedev                        |
                   Type:  Bug        |         Status:  new
              Component:             |        Version:  4.1
  contrib.auth                       |       Keywords:  authentication,
               Severity:  Normal     |  authorization
           Triage Stage:             |      Has patch:  0
  Unreviewed                         |
    Needs documentation:  0          |    Needs tests:  0
Patch needs improvement:  0          |  Easy pickings:  1
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
 I was experimenting with `has_perm` and `user_can_authenticate` functions
 in my custom authentication backend when I found out these function aren't
 even executing during the Authentication process. I tries putting print
 statements but there was no output in the log screen. I also tried using
 example suggested in Django Documentation
 (https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#handling-
 authorization-in-custom-backends) but it still didn't work.

 Here is my code:

  backends.py
 ```
 class EmailBackend(BaseBackend):
     def authenticate(self, request, username=None, password=None):
         try:
             user = User.objects.get(email=username)
             if user.check_password(password):
                 return user
             return None
         except User.DoesNotExist:
             return None


     def get_user(self, user_id):
         try:
             return User.objects.get(pk=user_id)

         except User.DoesNotExist:
             return None

     def has_perm(self, user_obj, perm, obj=None):
         print("hello")
         return True

 ```

 and logs

 ```
 [12/Mar/2023 00:01:05] "GET /login HTTP/1.1" 200 861
 [12/Mar/2023 00:01:16] "POST /login HTTP/1.1" 302 0
 [12/Mar/2023 00:01:16] "GET / HTTP/1.1" 200 370
 ```

 as you can see there was no output saying "hello".
 please explain what is the use of has_perm and other authorization
 functions in django anyway.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34408>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070186d1f95146-bec72ab4-bb31-4eb7-8474-2e340fae34de-000000%40eu-central-1.amazonses.com.

Reply via email to