Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL.

Thanks littlepig for the report.

django/contrib/auth/backends.py

@@ -5,7 +5,7 @@ from django.contrib.auth.models import Permission
 
 class ModelBackend(object):
     """
-    Authenticates against django.contrib.auth.models.User.
+    Authenticates against settings.AUTH_USER_MODEL.
     """
 
     def authenticate(self, username=None, password=None, **kwargs):

docs/ref/request-response.txt

@@ -165,10 +165,11 @@ All attributes should be considered read-only, unless stated otherwise below.
 
 .. attribute:: HttpRequest.user
 
-    A ``django.contrib.auth.models.User`` object representing the currently
+    An object of type :setting:`AUTH_USER_MODEL` representing the currently
     logged-in user. If the user isn't currently logged in, ``user`` will be set
-    to an instance of ``django.contrib.auth.models.AnonymousUser``. You
-    can tell them apart with ``is_authenticated()``, like so::
+    to an instance of :class:`django.contrib.auth.models.AnonymousUser`. You
+    can tell them apart with
+    :meth:`~django.contrib.auth.models.User.is_authenticated`, like so::
 
         if request.user.is_authenticated():
             # Do something for logged-in users.
@@ -176,8 +177,8 @@ All attributes should be considered read-only, unless stated otherwise below.
             # Do something for anonymous users.
 
     ``user`` is only available if your Django installation has the
-    ``AuthenticationMiddleware`` activated. For more, see
-    :doc:`/topics/auth/index`.
+    :class:`~django.contrib.auth.middleware.AuthenticationMiddleware`
+    activated. For more, see :doc:`/topics/auth/index`.
 
 .. attribute:: HttpRequest.session