diff options
| author | Paulo Poiati <paulogpoiati@gmail.com> | 2015-07-05 17:54:25 -0300 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-01-07 08:56:07 -0500 |
| commit | b6433866682baac35a953e59298dff7f399ac49b (patch) | |
| tree | b0a6a9ce9edd6099b1b79744c5087b5783d994ff /docs | |
| parent | bd3c2900fc0e6863924d3b27f0713aa3022c061d (diff) | |
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.10.txt | 3 | ||||
| -rw-r--r-- | docs/topics/auth/default.txt | 41 |
2 files changed, 32 insertions, 12 deletions
diff --git a/docs/releases/1.10.txt b/docs/releases/1.10.txt index 0eec66faee..64a755bdfb 100644 --- a/docs/releases/1.10.txt +++ b/docs/releases/1.10.txt @@ -68,6 +68,9 @@ Minor features to prevent an issue where Safari caches redirects and prevents a user from being able to log out. +* Added the optional ``backend`` argument to :func:`~django.contrib.auth.login` + to allowing using it without credentials. + :mod:`django.contrib.contenttypes` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index 046b7731c0..e0740a201d 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -322,7 +322,7 @@ How to log a user in If you have an authenticated user you want to attach to the current session - this is done with a :func:`~django.contrib.auth.login` function. -.. function:: login(request, user) +.. function:: login(request, user, backend=None) To log a user in, from a view, use :func:`~django.contrib.auth.login()`. It takes an :class:`~django.http.HttpRequest` object and a @@ -354,18 +354,35 @@ If you have an authenticated user you want to attach to the current session # Return an 'invalid login' error message. ... -.. admonition:: Calling ``authenticate()`` first + .. versionchanged:: 1.10 - When you're manually logging a user in, you *must* successfully authenticate - the user with :func:`~django.contrib.auth.authenticate()` before you call - :func:`~django.contrib.auth.login()`. - :func:`~django.contrib.auth.authenticate()` - sets an attribute on the :class:`~django.contrib.auth.models.User` noting - which authentication backend successfully authenticated that user (see the - :ref:`backends documentation <authentication-backends>` for details), and - this information is needed later during the login process. An error will be - raised if you try to login a user object retrieved from the database - directly. + In older versions, when you're manually logging a user in, you *must* + successfully authenticate the user with + :func:`~django.contrib.auth.authenticate()` before you call + :func:`~django.contrib.auth.login()`. Now you can set the backend using + the new ``backend`` argument. + +Selecting the :ref:`authentication backend <authentication-backends>` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When a user logs in, the user's ID and the backend that was used for +authentication are saved in the user's session. This allows the same +authentication backend to fetch the user's details on a future request. The +authentication backend to save in the session is selected as follows: + +#. Use the value of the optional ``backend`` argument, if provided. +#. Use the value of the ``user.backend`` attribute, if present. This allows + pairing :func:`~django.contrib.auth.authenticate()` and + :func:`~django.contrib.auth.login()`: + :func:`~django.contrib.auth.authenticate()` + sets the ``user.backend`` attribute on the ``User`` object it returns. +#. Use the ``backend`` in :setting:`AUTHENTICATION_BACKENDS`, if there is only + one. +#. Otherwise, raise an exception. + +In cases 1 and 2, the value of the ``backend`` argument or the ``user.backend`` +attribute should be a dotted import path string (like that found in +:setting:`AUTHENTICATION_BACKENDS`), not the actual backend class. How to log a user out --------------------- |
