From 1520748dac95a7f114e4bb2feeee04d46c720494 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Sat, 17 Nov 2012 20:24:54 +0100 Subject: Fixed #2550 -- Allow the auth backends to raise the PermissionDenied exception to completely stop the authentication chain. Many thanks to namn, danielr, Dan Julius, Ɓukasz Rekucki, Aashu Dwivedi and umbrae for working this over the years. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/releases/1.6.txt | 6 ++++++ docs/topics/auth.txt | 6 ++++++ 2 files changed, 12 insertions(+) (limited to 'docs') diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt index ef162a8de3..49649bc6b8 100644 --- a/docs/releases/1.6.txt +++ b/docs/releases/1.6.txt @@ -17,6 +17,12 @@ deprecation process for some features`_. What's new in Django 1.6 ======================== +Minor features +~~~~~~~~~~~~~~ + +* Authentication backends can raise ``PermissionDenied`` to immediately fail + the authentication chain. + Backwards incompatible changes in 1.6 ===================================== diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index aed482f710..6d8e3c66c3 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -2391,6 +2391,12 @@ processing at the first positive match. you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute ``Session.objects.all().delete()``. +.. versionadded:: 1.6 + +If a backend raises a :class:`~django.core.exceptions.PermissionDenied` +exception, authentication will immediately fail. Django won't check the +backends that follow. + Writing an authentication backend --------------------------------- -- cgit v1.3