Changes between Initial Version and Version 1 of Ticket #27045


Ignore:
Timestamp:
Aug 10, 2016, 10:41:47 AM (8 years ago)
Author:
Tim Graham
Comment:

Here's a documentation PR to clarify the design decision about this.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #27045

    • Property Component Core (Management commands)Documentation
    • Property Has patch set
    • Property Owner changed from nobody to Tim Graham
    • Property Triage Stage UnreviewedAccepted
    • Property Status newassigned
    • Property Summary create_user and create_superuser do not enforce AUTH_PASSWORD_VALIDATORSDocument that AUTH_PASSWORD_VALIDATORS doesn't apply to create_user() and create_superuser()
    • Property Type BugCleanup/optimization

  • Ticket #27045 – Description

    initial v1  
    1 According to this [https://groups.google.com/forum/#!searchin/django-users/AUTH_PASSWORD_VALIDATORS$20create_user%7Csort:relevance/django-users/3nL4cImH1Ls/JPVdlUX9CAAJ thread], the create_user method does not enforce the password validators which I ran into while trying to unittest my validation settings. This seems quite dangerous especially since most validation in django is normally on the model level and many developers like myself may assume these management commands would enforce these settings.
     1According to this [https://groups.google.com/forum/#!searchin/django-users/AUTH_PASSWORD_VALIDATORS$20create_user%7Csort:relevance/django-users/3nL4cImH1Ls/JPVdlUX9CAAJ thread], the `create_user()` method does not enforce the password validators which I ran into while trying to unittest my validation settings. This seems quite dangerous especially since most validation in django is normally on the model level and many developers like myself may assume these methods would enforce these settings.
Back to Top