p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.

This commit is contained in:
ieatkittens 2016-03-11 17:22:51 -05:00 committed by Tim Graham
parent b3610f38fa
commit ab8af342b1
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/auth/__init__.py
View File

@ -74,7 +74,7 @@ def authenticate(**credentials):
user = backend.authenticate(**credentials) user = backend.authenticate(**credentials)
except PermissionDenied: except PermissionDenied:
# This backend says to stop in our tracks - this user should not be allowed in at all. # This backend says to stop in our tracks - this user should not be allowed in at all.
return None break
if user is None: if user is None:
continue continue
# Annotate the user object with the path of the backend. # Annotate the user object with the path of the backend.

13
tests/auth_tests/test_auth_backends.py
View File

@ -3,7 +3,7 @@ from __future__ import unicode_literals
from datetime import date from datetime import date
from django.contrib.auth import ( from django.contrib.auth import (
BACKEND_SESSION_KEY, SESSION_KEY, authenticate, get_user, BACKEND_SESSION_KEY, SESSION_KEY, authenticate, get_user, signals,
) )
from django.contrib.auth.backends import ModelBackend from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.hashers import MD5PasswordHasher from django.contrib.auth.hashers import MD5PasswordHasher
@ -475,12 +475,21 @@ class PermissionDeniedBackendTest(TestCase):
def setUp(self): def setUp(self):
self.user1 = User.objects.create_user('test', 'test@example.com', 'test') self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
self.user1.save() self.user_login_failed = []
signals.user_login_failed.connect(self.user_login_failed_listener)
def tearDown(self):
signals.user_login_failed.disconnect(self.user_login_failed_listener)
def user_login_failed_listener(self, sender, credentials, **kwargs):
self.user_login_failed.append(credentials)
@modify_settings(AUTHENTICATION_BACKENDS={'prepend': backend}) @modify_settings(AUTHENTICATION_BACKENDS={'prepend': backend})
def test_permission_denied(self): def test_permission_denied(self):
"user is not authenticated after a backend raises permission denied #2550" "user is not authenticated after a backend raises permission denied #2550"
self.assertEqual(authenticate(username='test', password='test'), None) self.assertEqual(authenticate(username='test', password='test'), None)
# user_login_failed signal is sent.
self.assertEqual(self.user_login_failed, [{'password': '********************', 'username': 'test'}])
@modify_settings(AUTHENTICATION_BACKENDS={'append': backend}) @modify_settings(AUTHENTICATION_BACKENDS={'append': backend})
def test_authenticates(self): def test_authenticates(self):