#35530: `django.contrib.auth.login` inconsistently guards `request.user`
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Jaap Roes):
Thanks, I'll look into making a post on the forum.
Note that in the PR I've only deprecated the current "happy path". That
should shake out any project that's relying on it. The way to mitigate any
fallout is adding a guard before the call to login, so the inconvenience
seems minor.
Regarding the value gained. The current login function in Django has a
code path that, as far we can tell, doesn't need to be there for any true
valid reason. This is a security critical function, and I'd feel a lot
better if it didn't have unexplained behaviour.
--
Ticket URL: <https://code.djangoproject.com/ticket/35530#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/010701905b01e30a-69b7c5da-6a44-4dd5-9aea-d6ce3ef35eed-000000%40eu-central-1.amazonses.com.
