id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15371	createsuperuser with --noinput creates users with empty password	yishaibeeri	nobody	"As of [14053], empty passwords are allowed by the contrib.auth User model and helper functions.

As a side effect, when running the createsuperuser management command in non-interactive mode, the created superuser is given the (valid) empty password. However, the usage string displayed when running {{{createsuperuser --help}}} promises that the user will be created with {{{auth.models.UNUSABLE_PASSWORD}}}.

IMHO, the previous behavior (create the user with UNUSABLE_PASSWORD) is the correct one - I'm attaching a patch that fixes this.

If the new, empty-password behavior, is decided to be the right one, then the usage string for createsuperuser should be fixed to reflect that.

Also see https://groups.google.com/group/django-developers/browse_thread/thread/36da4515d621fb78/e07fa8b7b876bea5"		closed	contrib.auth	dev		fixed	createsuperuser blocker	yishaibeeri	Ready for checkin	1	0	0	0	0	0