Open kostrom opened 3 years ago
kostrom
commented
3 years ago I had a previous pull request that didn't have tests, because I wasn't able to recreate the same middleware behavior. This test simplifies the issue by simply calling the bad code directly. I lost the repo, so redid the pull request from scratch.
mpasternak
commented
3 years ago Thank you for taking time to commit this patch and create unit test for it. I gave it some thought. I'm still not sure about this change. Which edge-cases did you hit exactly? The change looks legit and it has tests, but... Django usually sets request.user to something reasonable. Would you like to comment on this edge cases or so? Thanks!
In some unusual cases (which are probably poor practice on their own) the context_processors in password_policies can raise an exception, preventing other handlers from handling the real exception.
Ideally, we don't want password_policies making that situation worse, so I added some safety checks, and have introduced a unit test for the context_processors.py to validate these changes.