mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-09-17 22:49:35 +00:00
Code Issues 32 Releases Wiki Activity

Refs #35530 -- Removed request.user or auser() fallback in auth.login and auth.alogin.

Browse Source 
Per deprecation timeline.
This commit is contained in:
Jacob Walls 2025-09-05 14:06:36 -04:00 committed by nessita
parent a146fe2930
commit 32e266dc5b
4 changed files with 15 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
django/contrib/auth/__init__.py
View File

@ -1,13 +1,11 @@
import inspect
import re
import warnings
from django.apps import apps as django_apps
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
from django.middleware.csrf import rotate_token
from django.utils.crypto import constant_time_compare
from django.utils.deprecation import RemovedInDjango61Warning
from django.utils.module_loading import import_string
from django.views.decorators.debug import sensitive_variables
@ -156,21 +154,7 @@ def login(request, user, backend=None):
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
# RemovedInDjango61Warning: When the deprecation ends, replace with:
# session_auth_hash = user.get_session_auth_hash()
session_auth_hash = ""
# RemovedInDjango61Warning.
if user is None:
user = request.user
warnings.warn(
"Fallback to request.user when user is None will be removed.",
RemovedInDjango61Warning,
stacklevel=2,
)
# RemovedInDjango61Warning.
if hasattr(user, "get_session_auth_hash"):
session_auth_hash = user.get_session_auth_hash()
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in request.session:
if _get_user_session_key(request) != user.pk or (
@ -199,20 +183,7 @@ def login(request, user, backend=None):
async def alogin(request, user, backend=None):
"""See login()."""
# RemovedInDjango61Warning: When the deprecation ends, replace with:
# session_auth_hash = user.get_session_auth_hash()
session_auth_hash = ""
# RemovedInDjango61Warning.
if user is None:
warnings.warn(
"Fallback to request.auser() when user is None will be removed.",
RemovedInDjango61Warning,
stacklevel=2,
)
user = await request.auser()
# RemovedInDjango61Warning.
if hasattr(user, "get_session_auth_hash"):
session_auth_hash = user.get_session_auth_hash()
session_auth_hash = user.get_session_auth_hash()
if await request.session.ahas_key(SESSION_KEY):
if await _aget_user_session_key(request) != user.pk or (

4
docs/releases/6.1.txt
View File

@ -268,3 +268,7 @@ to remove usage of these features.
* The ``all`` parameter for the ``django.contrib.staticfiles.finders.find()``
function is removed in favor of the ``find_all`` parameter.
* Fallbacks to ``request.user`` and ``request.auser()`` when ``user`` is
``None`` in ``django.contrib.auth.login()`` and
``django.contrib.auth.alogin()``, respectively, are removed.

62
tests/async/test_async_auth.py
View File

@ -8,7 +8,6 @@ from django.contrib.auth import (
from django.contrib.auth.models import AnonymousUser, User
from django.http import HttpRequest
from django.test import TestCase, override_settings
from django.utils.deprecation import RemovedInDjango61Warning
class AsyncAuthTest(TestCase):
@ -61,68 +60,15 @@ class AsyncAuthTest(TestCase):
self.assertIsInstance(user, User)
self.assertEqual(user.username, second_user.username)
# RemovedInDjango61Warning: When the deprecation ends, replace with:
# async def test_alogin_without_user(self):
async def test_alogin_without_user_no_request_user(self):
async def test_alogin_without_user(self):
request = HttpRequest()
request.session = await self.client.asession()
# RemovedInDjango61Warning: When the deprecation ends, replace with:
# with self.assertRaisesMessage(
# AttributeError,
# "'NoneType' object has no attribute 'get_session_auth_hash'",
# ):
# await alogin(request, None)
with (
self.assertRaisesMessage(
AttributeError,
"'HttpRequest' object has no attribute 'auser'",
),
self.assertWarnsMessage(
RemovedInDjango61Warning,
"Fallback to request.auser() when user is None will be removed.",
),
with self.assertRaisesMessage(
AttributeError,
"'NoneType' object has no attribute 'get_session_auth_hash'",
):
await alogin(request, None)
# RemovedInDjango61Warning: When the deprecation ends, remove completely.
async def test_alogin_without_user_anonymous_request(self):
async def auser():
return AnonymousUser()
request = HttpRequest()
request.user = AnonymousUser()
request.auser = auser
request.session = await self.client.asession()
with (
self.assertRaisesMessage(
AttributeError,
"'AnonymousUser' object has no attribute '_meta'",
),
self.assertWarnsMessage(
RemovedInDjango61Warning,
"Fallback to request.auser() when user is None will be removed.",
),
):
await alogin(request, None)
# RemovedInDjango61Warning: When the deprecation ends, remove completely.
async def test_alogin_without_user_authenticated_request(self):
async def auser():
return self.test_user
request = HttpRequest()
request.user = self.test_user
request.auser = auser
request.session = await self.client.asession()
with self.assertWarnsMessage(
RemovedInDjango61Warning,
"Fallback to request.auser() when user is None will be removed.",
):
await alogin(request, None)
user = await aget_user(request)
self.assertIsInstance(user, User)
self.assertEqual(user.username, self.test_user.username)
async def test_alogout(self):
await self.client.alogin(username="testuser", password="testpw")
request = HttpRequest()

50
tests/auth_tests/test_login.py
View File

@ -1,8 +1,7 @@
from django.contrib import auth
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.auth.models import User
from django.http import HttpRequest
from django.test import TestCase
from django.utils.deprecation import RemovedInDjango61Warning
class TestLogin(TestCase):
@ -25,48 +24,9 @@ class TestLogin(TestCase):
auth.login(self.request, self.user)
self.assertEqual(self.request.session[auth.SESSION_KEY], str(self.user.pk))
# RemovedInDjango61Warning: When the deprecation ends, replace with:
# def test_without_user(self):
def test_without_user_no_request_user(self):
# RemovedInDjango61Warning: When the deprecation ends, replace with:
# with self.assertRaisesMessage(
# AttributeError,
# "'NoneType' object has no attribute 'get_session_auth_hash'",
# ):
# auth.login(self.request, None)
with (
self.assertRaisesMessage(
AttributeError,
"'HttpRequest' object has no attribute 'user'",
),
self.assertWarnsMessage(
RemovedInDjango61Warning,
"Fallback to request.user when user is None will be removed.",
),
def test_without_user(self):
with self.assertRaisesMessage(
AttributeError,
"'NoneType' object has no attribute 'get_session_auth_hash'",
):
auth.login(self.request, None)
# RemovedInDjango61Warning: When the deprecation ends, remove completely.
def test_without_user_anonymous_request(self):
self.request.user = AnonymousUser()
with (
self.assertRaisesMessage(
AttributeError,
"'AnonymousUser' object has no attribute '_meta'",
),
self.assertWarnsMessage(
RemovedInDjango61Warning,
"Fallback to request.user when user is None will be removed.",
),
):
auth.login(self.request, None)
# RemovedInDjango61Warning: When the deprecation ends, remove completely.
def test_without_user_authenticated_request(self):
self.request.user = self.user
self.assertNotIn(auth.SESSION_KEY, self.request.session)
msg = "Fallback to request.user when user is None will be removed."
with self.assertWarnsMessage(RemovedInDjango61Warning, msg):
auth.login(self.request, None)
self.assertEqual(self.request.session[auth.SESSION_KEY], str(self.user.pk))