django · tadeck · May 17, 2013 · May 18, 2013 · May 18, 2013 · May 16, 2013
diff --git a/AUTHORS b/AUTHORS
@@ -12,18 +12,25 @@ The PRIMARY AUTHORS are (and/or have been):
     * Luke Plant
     * Russell Keith-Magee
     * Robert Wittams
+    * James Bennett
     * Gary Wilson
+    * Matt Boersma
+    * Ian Kelly
+    * Joseph Kocherhans
     * Brian Rosner
     * Justin Bronn
     * Karen Tracey
     * Jannis Leidel
     * James Tauber
     * Alex Gaynor
+    * Simon Meers
     * Andrew Godwin
     * Carl Meyer
     * Ramiro Morales
+    * Gabriel Hurley
     * Chris Beaven
     * Honza Král
+    * Tim Graham
     * Idan Gazit
     * Paul McMillan
     * Julien Phalip
@@ -36,6 +43,7 @@ The PRIMARY AUTHORS are (and/or have been):
     * Preston Holmes
     * Simon Charette
     * Donald Stufft
+    * Daniel Lindsley
     * Marc Tamlyn
 
 More information on the main contributors to Django can be found in
@@ -84,14 +92,14 @@ answer newbie questions, and generally made Django that much better:
     Randy Barlow <randy@electronsweatshop.com>
     Scott Barr <scott@divisionbyzero.com.au>
     Jiri Barton
+    Jorge Bastida <me@jorgebastida.com>
     Ned Batchelder <http://www.nedbatchelder.com/>
     batiste@dosimple.ch
     Batman
     Brian Beck <http://blog.brianbeck.com/>
     Shannon -jj Behrens <http://jjinux.blogspot.com/>
     Esdras Beleza <linux@esdrasbeleza.com>
     Chris Bennett <chrisrbennett@yahoo.com>
-    James Bennett
     Danilo Bargen
     Shai Berger <shai@platonix.com>
     berto
@@ -104,7 +112,6 @@ answer newbie questions, and generally made Django that much better:
     Simon Blanchard
     Craig Blaszczyk <masterjakul@gmail.com>
     David Blewett <david@dawninglight.net>
-    Matt Boersma <matt@sprout.org>
     Artem Gnilov <boobsd@gmail.com>
     Matías Bordese
     Nate Bragg <jonathan.bragg@alum.rpi.edu>
@@ -117,6 +124,7 @@ answer newbie questions, and generally made Django that much better:
     bthomas
     btoll@bestweb.net
     Jonathan Buchanan <jonathan.buchanan@gmail.com>
+    Jacob Burch <jacobburch@gmail.com>
     Keith Bussell <kbussell@gmail.com>
     C8E
     Chris Cahoon <chris.cahoon@gmail.com>
@@ -268,6 +276,7 @@ answer newbie questions, and generally made Django that much better:
     Eric Holscher <http://ericholscher.com>
     Ian Holsman <http://feh.holsman.net/>
     Kieran Holland <http://www.kieranholland.com>
+    Markus Holtermann <http://markusholtermann.eu>
     Sung-Jin Hong <serialx.net@gmail.com>
     Leo "hylje" Honkanen <sealage@gmail.com>
     Matt Hoskins <skaffenuk@googlemail.com>
@@ -278,13 +287,13 @@ answer newbie questions, and generally made Django that much better:
     Rob Hudson <http://rob.cogit8.org/>
     Jason Huggins <http://www.jrandolph.com/blog/>
     Jeff Hui <jeffkhui@gmail.com>
-    Gabriel Hurley <gabriel@strikeawe.com>
     Hyun Mi Ae
     Ibon <ibonso@gmail.com>
     Tom Insam
     Baurzhan Ismagulov <ibr@radix50.net>
     Stephan Jaekel <steph@rdev.info>
     james_027@yahoo.com
+    Tom Jaskowski <tadeck@gmail.com>
     jcrasta@gmail.com
     jdetaeye
     Dmitry Jemerov <intelliyole@gmail.com>
@@ -327,7 +336,6 @@ answer newbie questions, and generally made Django that much better:
     Meir Kriheli <http://mksoft.co.il/>
     Bruce Kroeze <http://coderseye.com/>
     krzysiek.pawlik@silvermedia.pl
-    Joseph Kocherhans
     konrad@gwu.edu
     knox <christobzr@gmail.com>
     David Krauth
@@ -360,7 +368,6 @@ answer newbie questions, and generally made Django that much better:
     limodou
     Philip Lindborg <philip.lindborg@gmail.com>
     Simon Litchfield <simon@quo.com.au>
-    Daniel Lindsley <daniel@toastdriven.com>
     Trey Long <trey@ktrl.com>
     Laurent Luce <http://www.laurentluce.com>
     Martin Mahner <http://www.mahner.org/>
@@ -499,6 +506,7 @@ answer newbie questions, and generally made Django that much better:
     Bernd Schlapsi
     schwank@gmail.com
     scott@staplefish.com
+    Olivier Sels <olivier.sels@gmail.com>
     Ilya Semenov <semenov@inetss.com>
     Aleksandra Sendecka <asendecka@hauru.eu>
     serbaut@gmail.com

diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py
@@ -1,9 +1,11 @@
 import re
 
-from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
+from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured, PermissionDenied
 from django.utils.module_loading import import_by_path
 
+from .signals import user_logged_in, user_logged_out, user_login_failed
+
 SESSION_KEY = '_auth_user_id'
 BACKEND_SESSION_KEY = '_auth_user_backend'
 REDIRECT_FIELD_NAME = 'next'
@@ -14,7 +16,6 @@ def load_backend(path):
 
 
 def get_backends():
-    from django.conf import settings
     backends = []
     for backend_path in settings.AUTHENTICATION_BACKENDS:
         backends.append(load_backend(backend_path))
@@ -106,7 +107,6 @@ def logout(request):
 
 def get_user_model():
     "Return the User model that is active in this project"
-    from django.conf import settings
     from django.db.models import get_model
 
     try:
@@ -120,12 +120,13 @@ def get_user_model():
 
 
 def get_user(request):
-    from django.contrib.auth.models import AnonymousUser
+    from .models import AnonymousUser
     try:
         user_id = request.session[SESSION_KEY]
         backend_path = request.session[BACKEND_SESSION_KEY]
+        assert backend_path in settings.AUTHENTICATION_BACKENDS
         backend = load_backend(backend_path)
         user = backend.get_user(user_id) or AnonymousUser()
-    except KeyError:
+    except (KeyError, AssertionError):
         user = AnonymousUser()
     return user
diff --git a/django/contrib/auth/tests/test_auth_backends.py b/django/contrib/auth/tests/test_auth_backends.py
@@ -2,12 +2,14 @@
 from datetime import date
 
 from django.conf import settings
+from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User, Group, Permission, AnonymousUser
 from django.contrib.auth.tests.utils import skipIfCustomUser
 from django.contrib.auth.tests.test_custom_user import ExtensionUser, CustomPermissionsUser, CustomUser
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ImproperlyConfigured, PermissionDenied
-from django.contrib.auth import authenticate
+from django.contrib.auth import authenticate, get_user
+from django.http import HttpRequest
 from django.test import TestCase
 from django.test.utils import override_settings
 
@@ -402,3 +404,52 @@ def test_permission_denied(self):
             settings.AUTHENTICATION_BACKENDS) + (backend, ))
     def test_authenticates(self):
         self.assertEqual(authenticate(username='test', password='test'), self.user1)
+
+
+class NewModelBackend(ModelBackend):
+    pass
+
+
+@skipIfCustomUser
+class ChangedBackendSettingsTest(TestCase):
+    """
+    Tests for changes in the settings.AUTHENTICATION_BACKENDS
+    """
+    backend = 'django.contrib.auth.tests.test_auth_backends.NewModelBackend'
+
+    TEST_USERNAME = 'test_user'
+    TEST_PASSWORD = 'test_password'
+    TEST_EMAIL = 'test@example.com'
+
+    def setUp(self):
+        User.objects.create_user(self.TEST_USERNAME,
+                                 self.TEST_EMAIL,
+                                 self.TEST_PASSWORD)
+
+    @override_settings(AUTHENTICATION_BACKENDS=(backend, ))
+    def test_changed_backend_settings(self):
+        """
+        Tests that removing a backend configured in AUTHENTICATION_BACKENDS
+        make already logged-in users disconnect.
+        """
+
+        # Get a session for the test user
+        self.assertTrue(self.client.login(
+            username=self.TEST_USERNAME,
+            password=self.TEST_PASSWORD)
+        )
+
+        # Prepare a request object
+        request = HttpRequest()
+        request.session = self.client.session
+
+        # Remove NewModelBackend
+        with self.settings(AUTHENTICATION_BACKENDS=(
+                'django.contrib.auth.backends.ModelBackend',)):
+            # Get the user from the request
+            user = get_user(request)
+
+            # Assert that the user retrieval is successful and the user is
+            # anonymous as the backend is not longer available.
+            self.assertIsNotNone(user)
+            self.assertTrue(user.is_anonymous())
diff --git a/django/contrib/auth/tests/test_management.py b/django/contrib/auth/tests/test_management.py
@@ -7,6 +7,7 @@
 from django.contrib.auth.models import User
 from django.contrib.auth.tests.test_custom_user import CustomUser
 from django.contrib.auth.tests.utils import skipIfCustomUser
+from django.contrib.contenttypes.models import ContentType
 from django.core.management import call_command
 from django.core.management.base import CommandError
 from django.core.management.validation import get_validation_errors
@@ -195,6 +196,7 @@ def setUp(self):
 
     def tearDown(self):
         models.Permission._meta.permissions = self._original_permissions
+        ContentType.objects.clear_cache()
 
     def test_duplicated_permissions(self):
         """

diff --git a/django/core/cache/backends/base.py b/django/core/cache/backends/base.py
@@ -15,6 +15,10 @@ class CacheKeyWarning(DjangoRuntimeWarning):
     pass
 
 
+# Stub class to ensure not passing in a `timeout` argument results in
+# the default timeout
+DEFAULT_TIMEOUT = object()
+
 # Memcached does not accept keys longer than this.
 MEMCACHE_MAX_KEY_LENGTH = 250
 
@@ -84,7 +88,7 @@ def make_key(self, key, version=None):
         new_key = self.key_func(key, self.key_prefix, version)
         return new_key
 
-    def add(self, key, value, timeout=None, version=None):
+    def add(self, key, value, timeout=DEFAULT_TIMEOUT, version=None):
         """
         Set a value in the cache if the key does not already exist. If
         timeout is given, that timeout will be used for the key; otherwise
@@ -101,7 +105,7 @@ def get(self, key, default=None, version=None):
         """
         raise NotImplementedError
 
-    def set(self, key, value, timeout=None, version=None):
+    def set(self, key, value, timeout=DEFAULT_TIMEOUT, version=None):
         """
         Set a value in the cache. If timeout is given, that timeout will be
         used for the key; otherwise the default cache timeout will be used.
@@ -163,7 +167,7 @@ def __contains__(self, key):
         # if a subclass overrides it.
         return self.has_key(key)
 
-    def set_many(self, data, timeout=None, version=None):
+    def set_many(self, data, timeout=DEFAULT_TIMEOUT, version=None):
         """
         Set a bunch of values in the cache at once from a dict of key/value
         pairs.  For certain backends (memcached), this is much more efficient

diff --git a/django/core/cache/backends/db.py b/django/core/cache/backends/db.py
@@ -9,7 +9,7 @@
     import pickle
 
 from django.conf import settings
-from django.core.cache.backends.base import BaseCache
+from django.core.cache.backends.base import BaseCache, DEFAULT_TIMEOUT
 from django.db import connections, transaction, router, DatabaseError
 from django.utils import timezone, six
 from django.utils.encoding import force_bytes
@@ -65,6 +65,7 @@ def get(self, key, default=None, version=None):
         if row is None:
             return default
         now = timezone.now()
+    
         if row[2] < now:
             db = router.db_for_write(self.cache_model_class)
             cursor = connections[db].cursor()
@@ -74,18 +75,18 @@ def get(self, key, default=None, version=None):
         value = connections[db].ops.process_clob(row[1])
         return pickle.loads(base64.b64decode(force_bytes(value)))
 
-    def set(self, key, value, timeout=None, version=None):
+    def set(self, key, value, timeout=DEFAULT_TIMEOUT, version=None):
         key = self.make_key(key, version=version)
         self.validate_key(key)
         self._base_set('set', key, value, timeout)
 
-    def add(self, key, value, timeout=None, version=None):
+    def add(self, key, value, timeout=DEFAULT_TIMEOUT, version=None):
         key = self.make_key(key, version=version)
         self.validate_key(key)
         return self._base_set('add', key, value, timeout)
 
-    def _base_set(self, mode, key, value, timeout=None):
-        if timeout is None:
+    def _base_set(self, mode, key, value, timeout=DEFAULT_TIMEOUT):
+        if timeout == DEFAULT_TIMEOUT:
             timeout = self.default_timeout
         db = router.db_for_write(self.cache_model_class)
         table = connections[db].ops.quote_name(self._table)
@@ -95,7 +96,9 @@ def _base_set(self, mode, key, value, timeout=None):
         num = cursor.fetchone()[0]
         now = timezone.now()
         now = now.replace(microsecond=0)
-        if settings.USE_TZ:
+        if timeout is None:
+            exp = datetime.max
+        elif settings.USE_TZ:
             exp = datetime.utcfromtimestamp(time.time() + timeout)
         else:
             exp = datetime.fromtimestamp(time.time() + timeout)

diff --git a/django/core/cache/backends/dummy.py b/django/core/cache/backends/dummy.py
@@ -1,12 +1,12 @@
 "Dummy cache backend"
 
-from django.core.cache.backends.base import BaseCache
+from django.core.cache.backends.base import BaseCache, DEFAULT_TIMEOUT
 
 class DummyCache(BaseCache):
     def __init__(self, host, *args, **kwargs):
         BaseCache.__init__(self, *args, **kwargs)
 
-    def add(self, key, value, timeout=None, version=None):
+    def add(self, key, value, timeout=DEFAULT_TIMEOUT, version=None):
         key = self.make_key(key, version=version)
         self.validate_key(key)
         return True
@@ -16,7 +16,7 @@ def get(self, key, default=None, version=None):
         self.validate_key(key)
         return default
 
-    def set(self, key, value, timeout=None, version=None):
+    def set(self, key, value, timeout=DEFAULT_TIMEOUT, version=None):
         key = self.make_key(key, version=version)
         self.validate_key(key)
 
@@ -32,7 +32,7 @@ def has_key(self, key, version=None):
         self.validate_key(key)
         return False
 
-    def set_many(self, data, timeout=0, version=None):
+    def set_many(self, data, timeout=DEFAULT_TIMEOUT, version=None):
         pass
 
     def delete_many(self, keys, version=None):