Hi Django list! I am using a django-crowd authentication backend and the deployment today was not working with our setup. I nailed it down to the fact that the backward compatibility is not working as expected for 1.11 for the authenticate method:
https://docs.djangoproject.com/en/1.11/topics/auth/default/#django.contrib.auth.authenticate Step to reproduce: - add an authentication backend using Django < 1.11 API at the end of the authentication backend list supplied by AUTHENTICATION_BACKENDS. At the end, or at least not in the first position, is important here - try to log in with a user in this backend Expected result: - the authenticate method is called for this authentication backend What happens: - the authentication backend is discarded as it does not (supposedly) have the right API. It works as expected if the authentication backend is first in the list. Bug explanation: * the credential dictionary is polluted by the "request" argument after the first iteration in django/contrib/auth/__init__.py line 92 * after the first loop, all calls to "inspect.getcallargs(backend.authenticate, **credentials)" (line 81, same file) with the Django <= 1.10 API can only fail because they raise the exception TypeError indicating that they do not support this API The fix needs to move to the new API, I think it should at least be advertised as a breaking change in the release notes, or this bug should be fixed by not adding the "request" to the "credentials" dict. Thanks for the wonderful work on Django, I am so much in love with this! Best regards, Raffi Enficiaud -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/18df46d6-aeab-4cd0-8c2a-7cdaa4d78469%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
