Opened 12 years ago
Closed 12 years ago
#18897 closed New feature (wontfix)
add the password as 2nd argument to changepassword command
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Core (Management commands) | Version: | 1.4 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Added the possibility to pass the username and the password to 'changepassword' command.
This was the only cmd that need user input during initial setup
!sh # rm sqlite3.db; python manage.py syncdb --noinput; \ python manage.py createsuperuser --noinput --username=maduma --email=maduma@pt.lu; \ python manage.py changepassword maduma not4u # python manage.py changepassword maduma not4u Changing password for user 'maduma' Password changed successfully for user 'maduma' # diff changepassword-old.py changepassword.py 25,26c25,26 < if len(args) > 1: < raise CommandError("need exactly one or zero arguments for username") --- > if len(args) > 2: > raise CommandError("need exactly one, two or zero arguments for username and password") 28c28,30 < if args: --- > if len(args) == 2: > username, p1 = args > elif len(args) == 1: 40,48c42,53 < MAX_TRIES = 3 < count = 0 < p1, p2 = 1, 2 # To make them initially mismatch. < while p1 != p2 and count < MAX_TRIES: < p1 = self._get_pass() < p2 = self._get_pass("Password (again): ") < if p1 != p2: < self.stdout.write("Passwords do not match. Please try again.\n") < count = count + 1 --- > if not p1: > MAX_TRIES = 3 > count = 0 > p1, p2 = 1, 2 # To make them initially mismatch. > while p1 != p2 and count < MAX_TRIES: > p1 = self._get_pass() > p2 = self._get_pass("Password (again): ") > if p1 != p2: > self.stdout.write("Passwords do not match. Please try again.\n") > count = count + 1 > if count == MAX_TRIES: > raise CommandError("Aborting password change for user '%s' after %s attempts" % (username, count)) 50,52d54 < if count == MAX_TRIES: < raise CommandError("Aborting password change for user '%s' after %s attempts" % (username, count)) <
Note:
See TracTickets
for help on using tickets.
Thanks for the suggestion; however, I'm going to reject this as a feature request.
Passwords should always be entered manually from a TTY input. Any mechanism to work around this is a potential security risk. Consider: