diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py index d752e3172b..8a0bcb7420 100644 --- a/django/contrib/auth/__init__.py +++ b/django/contrib/auth/__init__.py @@ -1,13 +1,11 @@ import inspect import re -import warnings from django.apps import apps as django_apps from django.conf import settings from django.core.exceptions import ImproperlyConfigured, PermissionDenied from django.middleware.csrf import rotate_token from django.utils.crypto import constant_time_compare -from django.utils.deprecation import RemovedInDjango61Warning from django.utils.module_loading import import_string from django.views.decorators.debug import sensitive_variables @@ -156,21 +154,7 @@ def login(request, user, backend=None): have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """ - # RemovedInDjango61Warning: When the deprecation ends, replace with: - # session_auth_hash = user.get_session_auth_hash() - session_auth_hash = "" - # RemovedInDjango61Warning. - if user is None: - user = request.user - warnings.warn( - "Fallback to request.user when user is None will be removed.", - RemovedInDjango61Warning, - stacklevel=2, - ) - - # RemovedInDjango61Warning. - if hasattr(user, "get_session_auth_hash"): - session_auth_hash = user.get_session_auth_hash() + session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: if _get_user_session_key(request) != user.pk or ( @@ -199,20 +183,7 @@ def login(request, user, backend=None): async def alogin(request, user, backend=None): """See login().""" - # RemovedInDjango61Warning: When the deprecation ends, replace with: - # session_auth_hash = user.get_session_auth_hash() - session_auth_hash = "" - # RemovedInDjango61Warning. - if user is None: - warnings.warn( - "Fallback to request.auser() when user is None will be removed.", - RemovedInDjango61Warning, - stacklevel=2, - ) - user = await request.auser() - # RemovedInDjango61Warning. - if hasattr(user, "get_session_auth_hash"): - session_auth_hash = user.get_session_auth_hash() + session_auth_hash = user.get_session_auth_hash() if await request.session.ahas_key(SESSION_KEY): if await _aget_user_session_key(request) != user.pk or ( diff --git a/docs/releases/6.1.txt b/docs/releases/6.1.txt index 9ed7bbd8e6..c95b9b1c57 100644 --- a/docs/releases/6.1.txt +++ b/docs/releases/6.1.txt @@ -268,3 +268,7 @@ to remove usage of these features. * The ``all`` parameter for the ``django.contrib.staticfiles.finders.find()`` function is removed in favor of the ``find_all`` parameter. + +* Fallbacks to ``request.user`` and ``request.auser()`` when ``user`` is + ``None`` in ``django.contrib.auth.login()`` and + ``django.contrib.auth.alogin()``, respectively, are removed. diff --git a/tests/async/test_async_auth.py b/tests/async/test_async_auth.py index d872a4c5bb..1ce2747d4d 100644 --- a/tests/async/test_async_auth.py +++ b/tests/async/test_async_auth.py @@ -8,7 +8,6 @@ from django.contrib.auth import ( from django.contrib.auth.models import AnonymousUser, User from django.http import HttpRequest from django.test import TestCase, override_settings -from django.utils.deprecation import RemovedInDjango61Warning class AsyncAuthTest(TestCase): @@ -61,68 +60,15 @@ class AsyncAuthTest(TestCase): self.assertIsInstance(user, User) self.assertEqual(user.username, second_user.username) - # RemovedInDjango61Warning: When the deprecation ends, replace with: - # async def test_alogin_without_user(self): - async def test_alogin_without_user_no_request_user(self): + async def test_alogin_without_user(self): request = HttpRequest() request.session = await self.client.asession() - # RemovedInDjango61Warning: When the deprecation ends, replace with: - # with self.assertRaisesMessage( - # AttributeError, - # "'NoneType' object has no attribute 'get_session_auth_hash'", - # ): - # await alogin(request, None) - with ( - self.assertRaisesMessage( - AttributeError, - "'HttpRequest' object has no attribute 'auser'", - ), - self.assertWarnsMessage( - RemovedInDjango61Warning, - "Fallback to request.auser() when user is None will be removed.", - ), + with self.assertRaisesMessage( + AttributeError, + "'NoneType' object has no attribute 'get_session_auth_hash'", ): await alogin(request, None) - # RemovedInDjango61Warning: When the deprecation ends, remove completely. - async def test_alogin_without_user_anonymous_request(self): - async def auser(): - return AnonymousUser() - - request = HttpRequest() - request.user = AnonymousUser() - request.auser = auser - request.session = await self.client.asession() - with ( - self.assertRaisesMessage( - AttributeError, - "'AnonymousUser' object has no attribute '_meta'", - ), - self.assertWarnsMessage( - RemovedInDjango61Warning, - "Fallback to request.auser() when user is None will be removed.", - ), - ): - await alogin(request, None) - - # RemovedInDjango61Warning: When the deprecation ends, remove completely. - async def test_alogin_without_user_authenticated_request(self): - async def auser(): - return self.test_user - - request = HttpRequest() - request.user = self.test_user - request.auser = auser - request.session = await self.client.asession() - with self.assertWarnsMessage( - RemovedInDjango61Warning, - "Fallback to request.auser() when user is None will be removed.", - ): - await alogin(request, None) - user = await aget_user(request) - self.assertIsInstance(user, User) - self.assertEqual(user.username, self.test_user.username) - async def test_alogout(self): await self.client.alogin(username="testuser", password="testpw") request = HttpRequest() diff --git a/tests/auth_tests/test_login.py b/tests/auth_tests/test_login.py index 2c0c1c5796..6da20ac5fa 100644 --- a/tests/auth_tests/test_login.py +++ b/tests/auth_tests/test_login.py @@ -1,8 +1,7 @@ from django.contrib import auth -from django.contrib.auth.models import AnonymousUser, User +from django.contrib.auth.models import User from django.http import HttpRequest from django.test import TestCase -from django.utils.deprecation import RemovedInDjango61Warning class TestLogin(TestCase): @@ -25,48 +24,9 @@ class TestLogin(TestCase): auth.login(self.request, self.user) self.assertEqual(self.request.session[auth.SESSION_KEY], str(self.user.pk)) - # RemovedInDjango61Warning: When the deprecation ends, replace with: - # def test_without_user(self): - def test_without_user_no_request_user(self): - # RemovedInDjango61Warning: When the deprecation ends, replace with: - # with self.assertRaisesMessage( - # AttributeError, - # "'NoneType' object has no attribute 'get_session_auth_hash'", - # ): - # auth.login(self.request, None) - with ( - self.assertRaisesMessage( - AttributeError, - "'HttpRequest' object has no attribute 'user'", - ), - self.assertWarnsMessage( - RemovedInDjango61Warning, - "Fallback to request.user when user is None will be removed.", - ), + def test_without_user(self): + with self.assertRaisesMessage( + AttributeError, + "'NoneType' object has no attribute 'get_session_auth_hash'", ): auth.login(self.request, None) - - # RemovedInDjango61Warning: When the deprecation ends, remove completely. - def test_without_user_anonymous_request(self): - self.request.user = AnonymousUser() - with ( - self.assertRaisesMessage( - AttributeError, - "'AnonymousUser' object has no attribute '_meta'", - ), - self.assertWarnsMessage( - RemovedInDjango61Warning, - "Fallback to request.user when user is None will be removed.", - ), - ): - auth.login(self.request, None) - - # RemovedInDjango61Warning: When the deprecation ends, remove completely. - def test_without_user_authenticated_request(self): - self.request.user = self.user - self.assertNotIn(auth.SESSION_KEY, self.request.session) - - msg = "Fallback to request.user when user is None will be removed." - with self.assertWarnsMessage(RemovedInDjango61Warning, msg): - auth.login(self.request, None) - self.assertEqual(self.request.session[auth.SESSION_KEY], str(self.user.pk))