Make sure that all errors are handled explicitly to be able to perform chained authentications

Review Request #730 — Created Jan. 30, 2009 and submitted — Latest diff uploaded

morozov
Review Board SVN (deprecated)
reviewboard
If an exception goes uncaught out of LDAPBacked.authenticate() function, the caller side (django.contrib.auth.authenticate()) doesn't catch it  and thus stops processing of authenticating backends chain. So e.g. a locally created 'admin' user isn't able to login at all (the LDAP search returns nothing so accessing of search[0] generates IndexError and voila -- after switching to LDAP-based authentication admin can't login and can't grant a LDAP user administrative permissions)


Loading...