createsuperuser with --noinput creates users with empty password
|Reported by:||yishaibeeri||Owned by:||nobody|
|Cc:||yishaibeeri||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
As of , empty passwords are allowed by the contrib.auth User model and helper functions.
As a side effect, when running the createsuperuser management command in non-interactive mode, the created superuser is given the (valid) empty password. However, the usage string displayed when running
createsuperuser --help promises that the user will be created with
IMHO, the previous behavior (create the user with UNUSABLE_PASSWORD) is the correct one - I'm attaching a patch that fixes this.
If the new, empty-password behavior, is decided to be the right one, then the usage string for createsuperuser should be fixed to reflect that.
Change History (11)
comment:1 follow-up: 3 Changed 6 years ago by
|Patch needs improvement:||unset|