
Django advanced beginner here. I'm banging my head against the wall trying to figure this one out. I have a simple webapp that uses twython_django_oauth tied into contrib.auth to register and log in users. (I'm using twython out of the box with no modifications.) I can register new users via Twitter without a problem, which returns them to the app as a logged-in user. Subsequent attempts to log in the user, however, return this error:

    Traceback:
    File "/app/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
      111.                         response = callback(request, *callback_args, **callback_kwargs)
    File "/app/thislist/twython_django_oauth/views.py" in thanks
      80.     login(request, user)
    File "/app/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in login
      82.     request.session[BACKEND_SESSION_KEY] = user.backend

    Exception Type: AttributeError at /thanks
    Exception Value: 'AnonymousUser' object has no attribute 'backend'

The one anomaly I notice is that in the Twitter accounts of the registered users that encounter this problem, the webapp shows up as authorized twice. Incidentally, this all seemed to be working fine a few weeks ago. I have two registered Twitter users that can log in without a problem. In those accounts, the app appears to be authorized only once. However, I can't seem to dial back the app to the point when these users registered to figure out what changes I made that may have caused the problem. If anyone has any insight into why the workflow here is returning AnonymousUser despite the user seeming to be registered with the appropriate credentials, I'd appreciate hearing from you!

Update: I've zeroed in on the cause of the problem. Each time the user is redirected back to the app after successfully entering their Twitter credentials, twython_django tries to log him/her in using a new 'oauth_token_secret' rather than grabbing the secret token generated during registration and stored in the webapp's Twitter profile database. As a result, Django can't authenticate the user. So the question is: Why doesn't this

    try:
        user = User.objects.get(username = authorized_tokens['screen_name'])

generate a user object with the stored secret token?

akaihola
MarcusW
Not sure if this is applicable, but I think I've run into similar when I tried to treat a User object (like retrieved from the ORM) in this way. The object that has a backend property is the one you get not from the ORM but from logging the user in (using authenticate()). At least that's how it works in the normal auth. – Tom Jan 16 '12 at 17:22

2 Answers


When you are logging in for the first time, the example code creates a new Django user with username=authorized_tokens['screen_name'] and password = authorized_tokens['oauth_token_secret']. The second time you log in, the authorized_tokens['oauth_token_secret'] changes, so if you use the changed token to authenticate, it will return AnonymousUser since the password is wrong.

To make it work, add the following lines after:

    user = User.objects.get(username = authorized_tokens['screen_name'])
    user.set_password(authorized_tokens['oauth_token_secret'])
    user.save()

Hope this answer is clear. Please feel free to ask questions.

DaveShaw
Devasia Joseph
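
The failure chain behind the traceback and the effect of the change proposed in this answer, as an added example that is not part of the original posts and is not Django or twython-django code. `User`, `AnonymousUser`, `authenticate`, `login` and `callback` are simplified stand-ins written for this illustration, and the token values used with them are constructed.

```python
# Simplified stand-ins modelling the flow; not Django or twython-django code.
import hashlib
import hmac
import os


class User:
    def __init__(self, username):
        self.username, self.salt, self.digest = username, b"", b""

    def _hash(self, raw):
        return hashlib.pbkdf2_hmac("sha256", raw.encode(), self.salt, 10000)

    def set_password(self, raw):
        self.salt = os.urandom(16)
        self.digest = self._hash(raw)

    def check_password(self, raw):
        return hmac.compare_digest(self._hash(raw), self.digest)


class AnonymousUser:
    """Carries no `backend` attribute, like the object in the traceback."""


def authenticate(users, username, password):
    """Return the user tagged with a backend, or None if the password is wrong."""
    user = users.get(username)
    if user is None or not user.check_password(password):
        return None
    user.backend = "ModelBackend"  # set only on successful authentication
    return user


def login(session, request_user, user):
    """A None user is replaced by the request's current (anonymous) user."""
    if user is None:
        user = request_user
    session["backend"] = user.backend  # AttributeError for AnonymousUser
    return session


def callback(users, tokens, reset_password=False):
    """Model of the `thanks` view handling a returning user."""
    user = users[tokens["screen_name"]]
    if reset_password:  # the change proposed in the answer above
        user.set_password(tokens["oauth_token_secret"])
    authed = authenticate(users, tokens["screen_name"], tokens["oauth_token_secret"])
    return login({}, AnonymousUser(), authed)
```

With `reset_password=True` the stored password is overwritten by whatever secret arrives, so the password check can no longer fail and the secret from registration stops verifying. The only thing establishing the user's identity is then the OAuth exchange that produced the tokens.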

I'm the author of Twython (and the related Twython-Django package).

I've looked over your question for a bit now, and I'm a bit lost as to what the issue is. This is the first I've heard of it, and I don't think anything's changed in recent releases of Django that'd affect this (I double checked authenticate() and the related to be sure...).

I'm happy to help debug, though - just as a quick sanity check, have you tried opening up a console and manually running through authenticate() with sample data? Ultimately, that's what's producing the issue with an AnonymousUser, it would seem. Narrowing the scope here would help, as the issue isn't really with the try/except - all that does is check if a User exists in the DB, and then if not creates them. It doesn't relate to authentication at all. :)

Let me know if I can help you debug, and feel free to reach out to me personally if you still need any help!

Ryan McGrath