mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-26 15:16:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #24855 -- Allowed using contrib.auth.login() without credentials.

Browse Source 
Added an optional `backend` argument to login().
This commit is contained in:
Paulo Poiati
2015-07-05 17:54:25 -03:00
committed by Tim Graham
parent bd3c2900fc
commit b643386668
7 changed files with 95 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
django/contrib/auth/__init__.py
View File

@@ -86,7 +86,7 @@ def authenticate(**credentials):
credentials=_clean_credentials(credentials))
def login(request, user):
def login(request, user, backend=None):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
@@ -108,8 +108,22 @@ def login(request, user):
request.session.flush()
else:
request.session.cycle_key()
try:
backend = backend or user.backend
except AttributeError:
backends = _get_backends(return_tuples=True)
if len(backends) == 1:
_, backend = backends[0]
else:
raise ValueError(
'You have multiple authentication backends configured and '
'therefore must provide the `backend` argument or set the '
'`backend` attribute on the user.'
)
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = user.backend
request.session[BACKEND_SESSION_KEY] = backend
request.session[HASH_SESSION_KEY] = session_auth_hash
if hasattr(request, 'user'):
request.user = user

9
django/test/client.py
View File

@@ -603,12 +603,9 @@ class Client(RequestFactory):
return False
def force_login(self, user, backend=None):
if backend is None:
backend = settings.AUTHENTICATION_BACKENDS[0]
user.backend = backend
self._login(user)
self._login(user, backend)
def _login(self, user):
def _login(self, user, backend=None):
from django.contrib.auth import login
engine = import_module(settings.SESSION_ENGINE)
@@ -619,7 +616,7 @@ class Client(RequestFactory):
request.session = self.session
else:
request.session = engine.SessionStore()
login(request, user)
login(request, user, backend)
# Save the session values.
request.session.save()