innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg.

This commit is contained in:
Tim Graham 2017-02-24 10:15:41 -05:00 committed by GitHub
parent 8d4885ede5
commit c31e7ab5a4
4 changed files with 47 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
django/contrib/auth/__init__.py
View File

@ -67,21 +67,35 @@ def authenticate(request=None, **credentials):
""" """
for backend, backend_path in _get_backends(return_tuples=True): for backend, backend_path in _get_backends(return_tuples=True):
args = (request,) args = (request,)
# Does the backend accept a request argument?
try: try:
inspect.getcallargs(backend.authenticate, request, **credentials) inspect.getcallargs(backend.authenticate, request, **credentials)
except TypeError: except TypeError:
args = ()
# Does the backend accept a request keyword argument?
try: try:
inspect.getcallargs(backend.authenticate, **credentials) inspect.getcallargs(backend.authenticate, request=request, **credentials)
except TypeError: except TypeError:
# This backend doesn't accept these credentials as arguments. Try the next one. # Does the backend accept credentials without request?
continue try:
inspect.getcallargs(backend.authenticate, **credentials)
except TypeError:
# This backend doesn't accept these credentials as arguments. Try the next one.
continue
else:
warnings.warn(
"Update %s.authenticate() to accept a positional "
"`request` argument." % backend_path,
RemovedInDjango21Warning
)
else: else:
args = () credentials['request'] = request
warnings.warn( warnings.warn(
"Update authentication backend %s to accept a " "In %s.authenticate(), move the `request` keyword argument "
"positional `request` argument." % backend_path, "to the first positional argument." % backend_path,
RemovedInDjango21Warning RemovedInDjango21Warning
) )
try: try:
user = backend.authenticate(*args, **credentials) user = backend.authenticate(*args, **credentials)
except PermissionDenied: except PermissionDenied:

4
docs/internals/deprecation.txt
View File

@ -52,8 +52,8 @@ details on these changes.
* ``DatabaseIntrospection.get_indexes()`` will be removed. * ``DatabaseIntrospection.get_indexes()`` will be removed.
* The ``authenticate()`` method of authentication backends will require a * The ``authenticate()`` method of authentication backends will require
``request`` argument. ``request`` as the first positional argument.
* The ``django.db.models.permalink()`` decorator will be removed. * The ``django.db.models.permalink()`` decorator will be removed.

3
docs/releases/1.11.txt
View File

@ -796,7 +796,8 @@ Miscellaneous
* :func:`~django.contrib.auth.authenticate` now passes a ``request`` argument * :func:`~django.contrib.auth.authenticate` now passes a ``request`` argument
to the ``authenticate()`` method of authentication backends. Support for to the ``authenticate()`` method of authentication backends. Support for
methods that don't accept ``request`` will be removed in Django 2.1. methods that don't accept ``request`` as the first positional argument will
be removed in Django 2.1.
* The ``USE_ETAGS`` setting is deprecated in favor of * The ``USE_ETAGS`` setting is deprecated in favor of
:class:`~django.middleware.http.ConditionalGetMiddleware` which now adds the :class:`~django.middleware.http.ConditionalGetMiddleware` which now adds the

24
tests/auth_tests/test_auth_backends_deprecation.py
View File

@ -3,6 +3,8 @@ import warnings
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from django.test import SimpleTestCase, override_settings from django.test import SimpleTestCase, override_settings
mock_request = object()
class NoRequestBackend: class NoRequestBackend:
def authenticate(self, username=None, password=None): def authenticate(self, username=None, password=None):
@ -10,12 +12,20 @@ class NoRequestBackend:
pass pass
class RequestNotPositionArgBackend:
def authenticate(self, username=None, password=None, request=None):
assert username == 'username'
assert password == 'pass'
assert request is mock_request
class AcceptsRequestBackendTest(SimpleTestCase): class AcceptsRequestBackendTest(SimpleTestCase):
""" """
A deprecation warning is shown for backends that have an authenticate() A deprecation warning is shown for backends that have an authenticate()
method without a request parameter. method without a request parameter.
""" """
no_request_backend = '%s.NoRequestBackend' % __name__ no_request_backend = '%s.NoRequestBackend' % __name__
request_not_positional_backend = '%s.RequestNotPositionArgBackend' % __name__
@override_settings(AUTHENTICATION_BACKENDS=[no_request_backend]) @override_settings(AUTHENTICATION_BACKENDS=[no_request_backend])
def test_no_request_deprecation_warning(self): def test_no_request_deprecation_warning(self):
@ -25,6 +35,18 @@ class AcceptsRequestBackendTest(SimpleTestCase):
self.assertEqual(len(warns), 1) self.assertEqual(len(warns), 1)
self.assertEqual( self.assertEqual(
str(warns[0].message), str(warns[0].message),
"Update authentication backend %s to accept a positional `request` " "Update %s.authenticate() to accept a positional `request` "
"argument." % self.no_request_backend "argument." % self.no_request_backend
) )
@override_settings(AUTHENTICATION_BACKENDS=[request_not_positional_backend])
def test_request_keyword_arg_deprecation_warning(self):
with warnings.catch_warnings(record=True) as warns:
warnings.simplefilter('always')
authenticate(username='username', password='pass', request=mock_request)
self.assertEqual(len(warns), 1)
self.assertEqual(
str(warns[0].message),
"In %s.authenticate(), move the `request` keyword argument to the "
"first positional argument." % self.request_not_positional_backend
)