createsuperuser with --noinput creates users with empty password
|Reported by:||yishaibeeri||Owned by:||nobody|
|Cc:||yishaibeeri||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
As of , empty passwords are allowed by the contrib.auth User model and helper functions.
As a side effect, when running the createsuperuser management command in non-interactive mode, the created superuser is given the (valid) empty password. However, the usage string displayed when running createsuperuser --help promises that the user will be created with auth.models.UNUSABLE_PASSWORD.
IMHO, the previous behavior (create the user with UNUSABLE_PASSWORD) is the correct one - I'm attaching a patch that fixes this.
If the new, empty-password behavior, is decided to be the right one, then the usage string for createsuperuser should be fixed to reflect that.
Change History (11)
Changed 5 years ago by yishaibeeri
comment:1 follow-up: ↓ 3 Changed 5 years ago by russellm
- Keywords blocker added
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset