#34408: Authorization in Custom Authentication Backend does not work
-------------------------------------+-------------------------------------
Reporter: Vivek Kumar Singh | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: 4.1
Severity: Normal | Resolution: invalid
Keywords: authentication, | Triage Stage:
authorization | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):
* status: new => closed
* resolution: => invalid
Old description:
> I was experimenting with `has_perm` and `user_can_authenticate` functions
> in my custom authentication backend when I found out these function
> aren't even executing during the Authentication process. I tries putting
> print statements but there was no output in the log screen. I also tried
> using example suggested in Django Documentation
> (https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#handling-
> authorization-in-custom-backends) but it still didn't work.
>
> Here is my code:
>
> backends.py
> ```
> class EmailBackend(BaseBackend):
> def authenticate(self, request, username=None, password=None):
> try:
> user = User.objects.get(email=username)
> if user.check_password(password):
> return user
> return None
> except User.DoesNotExist:
> return None
>
> def get_user(self, user_id):
> try:
> return User.objects.get(pk=user_id)
>
> except User.DoesNotExist:
> return None
>
> def has_perm(self, user_obj, perm, obj=None):
> print("hello")
> return True
>
> ```
>
> and logs
>
> ```
> [12/Mar/2023 00:01:05] "GET /login HTTP/1.1" 200 861
> [12/Mar/2023 00:01:16] "POST /login HTTP/1.1" 302 0
> [12/Mar/2023 00:01:16] "GET / HTTP/1.1" 200 370
> ```
>
> as you can see there was no output saying "hello".
> please explain what is the use of has_perm and other authorization
> functions in django anyway.
New description:
I was experimenting with `has_perm` and `user_can_authenticate` functions
in my custom authentication backend when I found out these function aren't
even executing during the Authentication process. I tries putting print
statements but there was no output in the log screen. I also tried using
example suggested in Django Documentation
(https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#handling-
authorization-in-custom-backends) but it still didn't work.
Here is my code:
{{{#!python
class EmailBackend(BaseBackend):
def authenticate(self, request, username=None, password=None):
try:
user = User.objects.get(email=username)
if user.check_password(password):
return user
return None
except User.DoesNotExist:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
def has_perm(self, user_obj, perm, obj=None):
print("hello")
return True
}}}
and logs
{{{
[12/Mar/2023 00:01:05] "GET /login HTTP/1.1" 200 861
[12/Mar/2023 00:01:16] "POST /login HTTP/1.1" 302 0
[12/Mar/2023 00:01:16] "GET / HTTP/1.1" 200 370
}}}
as you can see there was no output saying "hello".
please explain what is the use of has_perm and other authorization
functions in django anyway.
--
Comment:
This looks like a lack of understanding rather than a bug report. Please
spend more time reading the code and documentation to understand how it
works. After that, if you have a specific documentation enhancement
proposal, feel free to offer it.
--
Ticket URL: <https://code.djangoproject.com/ticket/34408#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/01070186d25b2d4d-c44f7f5a-669a-44d5-b68c-14ae138326f7-000000%40eu-central-1.amazonses.com.
