summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorPaulo Poiati <paulogpoiati@gmail.com>2015-07-05 17:54:25 -0300
committerTim Graham <timograham@gmail.com>2016-01-07 08:56:07 -0500
commitb6433866682baac35a953e59298dff7f399ac49b (patch)
treeb0a6a9ce9edd6099b1b79744c5087b5783d994ff /docs
parentbd3c2900fc0e6863924d3b27f0713aa3022c061d (diff)
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.10.txt3
-rw-r--r--docs/topics/auth/default.txt41
2 files changed, 32 insertions, 12 deletions
diff --git a/docs/releases/1.10.txt b/docs/releases/1.10.txt
index 0eec66faee..64a755bdfb 100644
--- a/docs/releases/1.10.txt
+++ b/docs/releases/1.10.txt
@@ -68,6 +68,9 @@ Minor features
to prevent an issue where Safari caches redirects and prevents a user from
being able to log out.
+* Added the optional ``backend`` argument to :func:`~django.contrib.auth.login`
+ to allowing using it without credentials.
+
:mod:`django.contrib.contenttypes`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index 046b7731c0..e0740a201d 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -322,7 +322,7 @@ How to log a user in
If you have an authenticated user you want to attach to the current session
- this is done with a :func:`~django.contrib.auth.login` function.
-.. function:: login(request, user)
+.. function:: login(request, user, backend=None)
To log a user in, from a view, use :func:`~django.contrib.auth.login()`. It
takes an :class:`~django.http.HttpRequest` object and a
@@ -354,18 +354,35 @@ If you have an authenticated user you want to attach to the current session
# Return an 'invalid login' error message.
...
-.. admonition:: Calling ``authenticate()`` first
+ .. versionchanged:: 1.10
- When you're manually logging a user in, you *must* successfully authenticate
- the user with :func:`~django.contrib.auth.authenticate()` before you call
- :func:`~django.contrib.auth.login()`.
- :func:`~django.contrib.auth.authenticate()`
- sets an attribute on the :class:`~django.contrib.auth.models.User` noting
- which authentication backend successfully authenticated that user (see the
- :ref:`backends documentation <authentication-backends>` for details), and
- this information is needed later during the login process. An error will be
- raised if you try to login a user object retrieved from the database
- directly.
+ In older versions, when you're manually logging a user in, you *must*
+ successfully authenticate the user with
+ :func:`~django.contrib.auth.authenticate()` before you call
+ :func:`~django.contrib.auth.login()`. Now you can set the backend using
+ the new ``backend`` argument.
+
+Selecting the :ref:`authentication backend <authentication-backends>`
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When a user logs in, the user's ID and the backend that was used for
+authentication are saved in the user's session. This allows the same
+authentication backend to fetch the user's details on a future request. The
+authentication backend to save in the session is selected as follows:
+
+#. Use the value of the optional ``backend`` argument, if provided.
+#. Use the value of the ``user.backend`` attribute, if present. This allows
+ pairing :func:`~django.contrib.auth.authenticate()` and
+ :func:`~django.contrib.auth.login()`:
+ :func:`~django.contrib.auth.authenticate()`
+ sets the ``user.backend`` attribute on the ``User`` object it returns.
+#. Use the ``backend`` in :setting:`AUTHENTICATION_BACKENDS`, if there is only
+ one.
+#. Otherwise, raise an exception.
+
+In cases 1 and 2, the value of the ``backend`` argument or the ``user.backend``
+attribute should be a dotted import path string (like that found in
+:setting:`AUTHENTICATION_BACKENDS`), not the actual backend class.
How to log a user out
---------------------