Update the auth backends and Change Password for newer Django requirements.

Review Request #11333 — Created Dec. 15, 2020 and submitted — Latest diff uploaded


Review Board


Django's auth backends now require request as the first positional
parameter, which we didn't have before. Django 1.11 will warn about this
if warnings are enabled, but otherwise works around it. Django 2.0 will
outright require it.

This only manifested as a problem in one situation, when changing
passwords in My Account. In this case, we call authenticate() directly
on the backend, rather than Django's wrapper (which handles legacy
signatures). This triggered a breakage on the standard auth backend.

All authenticate() signatures have been updated, and all call sites as

This is a breaking change for any third-party auth backends.

Unit tests pass.

Successfully changed my password in My Account.