Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.

3008f30f · Tamas Szabo · Tim Graham · a7975260 · 3008f30f · 3008f30f
Kaydet (Commit) 3008f30f authored May 14, 2017 tarafından Tamas Szabo Kaydeden (comit) Tim Graham May 15, 2017
Showing with 55 additions and 31 deletions

__init__.py django/contrib/auth/__init__.py +34 -31

1.11.2.txt docs/releases/1.11.2.txt +3 -0

test_auth_backends_deprecation.py tests/auth_tests/test_auth_backends_deprecation.py +18 -0

No files found.
--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -66,38 +66,8 @@ def authenticate(request=None, **credentials):
    If the given credentials are valid, return a User object.
    """
    for backend, backend_path in _get_backends(return_tuples=True):
-        args = (request,)
-        # Does the backend accept a request argument?
        try:
-            inspect.getcallargs(backend.authenticate, request, **credentials)
-        except TypeError:
-            args = ()
-            # Does the backend accept a request keyword argument?
-            try:
-                inspect.getcallargs(backend.authenticate, request=request, **credentials)
-            except TypeError:
-                # Does the backend accept credentials without request?
-                try:
-                    inspect.getcallargs(backend.authenticate, **credentials)
-                except TypeError:
-                    # This backend doesn't accept these credentials as arguments. Try the next one.
-                    continue
-                else:
-                    warnings.warn(
-                        "Update %s.authenticate() to accept a positional "
-                        "`request` argument." % backend_path,
-                        RemovedInDjango21Warning
-                    )
-            else:
-                credentials['request'] = request
-                warnings.warn(
-                    "In %s.authenticate(), move the `request` keyword argument "
-                    "to the first positional argument." % backend_path,
-                    RemovedInDjango21Warning
-                )
-
-        try:
-            user = backend.authenticate(*args, **credentials)
+            user = _authenticate_with_backend(backend, backend_path, request, **credentials)
        except PermissionDenied:
            # This backend says to stop in our tracks - this user should not be allowed in at all.
            break
@@ -111,6 +81,39 @@ def authenticate(request=None, **credentials):
    user_login_failed.send(sender=__name__, credentials=_clean_credentials(credentials), request=request)


+def _authenticate_with_backend(backend, backend_path, request, **credentials):
+    args = (request,)
+    # Does the backend accept a request argument?
+    try:
+        inspect.getcallargs(backend.authenticate, request, **credentials)
+    except TypeError:
+        args = ()
+        # Does the backend accept a request keyword argument?
+        try:
+            inspect.getcallargs(backend.authenticate, request=request, **credentials)
+        except TypeError:
+            # Does the backend accept credentials without request?
+            try:
+                inspect.getcallargs(backend.authenticate, **credentials)
+            except TypeError:
+                # This backend doesn't accept these credentials as arguments. Try the next one.
+                return None
+            else:
+                warnings.warn(
+                    "Update %s.authenticate() to accept a positional "
+                    "`request` argument." % backend_path,
+                    RemovedInDjango21Warning
+                )
+        else:
+            credentials['request'] = request
+            warnings.warn(
+                "In %s.authenticate(), move the `request` keyword argument "
+                "to the first positional argument." % backend_path,
+                RemovedInDjango21Warning
+            )
+    return backend.authenticate(*args, **credentials)
+
+
 def login(request, user, backend=None):
    """
    Persist a user id and a backend in the request. This way a user doesn't

--- a/docs/releases/1.11.2.txt
+++ b/docs/releases/1.11.2.txt
@@ -20,3 +20,6 @@ Bugfixes
  (:ticket:`28142`).

 * Fixed regression causing pickling of model fields to crash (:ticket:`28188`).
+
+* Fixed ``django.contrib.auth.authenticate()`` when multiple authentication
+  backends don't accept a positional ``request`` argument (:ticket:`28207`).
--- a/tests/auth_tests/test_auth_backends_deprecation.py
+++ b/tests/auth_tests/test_auth_backends_deprecation.py
@@ -50,3 +50,21 @@ class AcceptsRequestBackendTest(SimpleTestCase):
            "In %s.authenticate(), move the `request` keyword argument to the "
            "first positional argument." % self.request_not_positional_backend
        )
+
+    @override_settings(AUTHENTICATION_BACKENDS=[request_not_positional_backend, no_request_backend])
+    def test_both_types_of_deprecation_warning(self):
+        with warnings.catch_warnings(record=True) as warns:
+            warnings.simplefilter('always')
+            authenticate(mock_request, username='username', password='pass')
+
+        self.assertEqual(len(warns), 2)
+        self.assertEqual(
+            str(warns[0].message),
+            "In %s.authenticate(), move the `request` keyword argument to the "
+            "first positional argument." % self.request_not_positional_backend
+        )
+        self.assertEqual(
+            str(warns[1].message),
+            "Update %s.authenticate() to accept a positional `request` "
+            "argument." % self.no_request_backend
+        )