Summary

Remove authentication warnings when missing credential parameters.

Review Request #14142 — Created Sept. 4, 2024 and submitted Nov. 3, 2024, 1:40 p.m.

Information

Owner

chipx86

Repository

Review Board

Branch

release-7.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

A while back, we had added some additional debug logging to our auth
backends' authenticate() methods, in an effort to help provide useful
information if these methods ever got called with missing credentials.

That can be useful, but in practice it was causing spurious warnings
when an API client tried to use an API token to authenticate and when
using an auth backend that had this logging.

The API token web auth backend would generate credentials and then call
auth.authenticate(), which would loop through all auth backends until
one handled the request. This was intended to trigger a corresponding
API token auth backend (either the default in Djblets or the default in
Review Board).

This backend is registered after the normal auth backends, so we'd do
one pass through those backends, log the warnings, and then get to the
proper backends.

Ideally, we'd rework some of this to be able to consider only backends
matching certain criteria, but that'd require some larger rework of
this. For now, we're going to just remove those warnings, since they're
doing more harm than good.

Testing Done

Unit tests pass.

Commits

Summary	ID
Remove authentication warnings when missing credential parameters. A while back, we had added some additional debug logging to our auth backends' `authenticate()` methods, in an effort to help provide useful information if these methods ever got called with missing credentials. That can be useful, but in practice it was causing spurious warnings when an API client tried to use an API token to authenticate and when using an auth backend that had this logging. The API token web auth backend would generate credentials and then call `auth.authenticate()`, which would loop through all auth backends until one handled the request. This was intended to trigger a corresponding API token auth backend (either the default in Djblets or the default in Review Board). This backend is registered after the normal auth backends, so we'd do one pass through those backends, log the warnings, and then get to the proper backends. Ideally, we'd rework some of this to be able to consider only backends matching certain criteria, but that'd require some larger rework of this. For now, we're going to just remove those warnings, since they're doing more harm than good.	44619d24868a5d5338c5539a7a171a6a1a880709

Summary

Remove authentication warnings when missing credential parameters.

A while back, we had added some additional debug logging to our auth backends' `authenticate()` methods, in an effort to help provide useful information if these methods ever got called with missing credentials. That can be useful, but in practice it was causing spurious warnings when an API client tried to use an API token to authenticate and when using an auth backend that had this logging. The API token web auth backend would generate credentials and then call `auth.authenticate()`, which would loop through all auth backends until one handled the request. This was intended to trigger a corresponding API token auth backend (either the default in Djblets or the default in Review Board). This backend is registered after the normal auth backends, so we'd do one pass through those backends, log the warnings, and then get to the proper backends. Ideally, we'd rework some of this to be able to consider only backends matching certain criteria, but that'd require some larger rework of this. For now, we're going to just remove those warnings, since they're doing more harm than good.

44619d24868a5d5338c5539a7a171a6a1a880709

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to release-7.x (c65dcdc)