Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#27045 closed Cleanup/optimization (fixed)

Document that AUTH_PASSWORD_VALIDATORS doesn't apply to create_user() and create_superuser()

Reported by: Chris Griffin Owned by: Tim Graham
Component: Documentation Version: 1.9
Severity: Normal Keywords: AUTH_PASSWORD_VALIDATORS
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Tim Graham)

According to this thread, the create_user() method does not enforce the password validators which I ran into while trying to unittest my validation settings. This seems quite dangerous especially since most validation in django is normally on the model level and many developers like myself may assume these methods would enforce these settings.

Change History (4)

comment:1 Changed 6 years ago by Tim Graham

Component: Core (Management commands)Documentation
Description: modified (diff)
Has patch: set
Owner: changed from nobody to Tim Graham
Status: newassigned
Summary: create_user and create_superuser do not enforce AUTH_PASSWORD_VALIDATORSDocument that AUTH_PASSWORD_VALIDATORS doesn't apply to create_user() and create_superuser()
Triage Stage: UnreviewedAccepted
Type: BugCleanup/optimization

Here's a documentation PR to clarify the design decision about this.

comment:2 Changed 6 years ago by Claude Paroz

Triage Stage: AcceptedReady for checkin

comment:3 Changed 6 years ago by GitHub <noreply@…>

Resolution: fixed
Status: assignedclosed

In 796cc62:

Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.

comment:4 Changed 6 years ago by Tim Graham <timograham@…>

In 3fff7d3a:

[1.10.x] Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.

Backport of 796cc620269bcefa36e7bbf5f1a63855f00b8ea8 from master

Note: See TracTickets for help on using tickets.
Back to Top