Opened 5 years ago

Closed 5 years ago

Last modified 2 years ago

#29628 closed Bug (fixed)

createsuperuser does not validate password against username or other required fields

Reported by: Josh Schneier Owned by: Josh Schneier
Component: contrib.auth Version: 2.1
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description


Change History (8)

comment:1 Changed 5 years ago by Josh Schneier

Owner: changed from nobody to Josh Schneier
Status: newassigned

comment:2 Changed 5 years ago by Tim Graham

Summary: Createsuperuser does not validate password against username or other required fieldscreatesuperuser does not validate password against username or other required fields

It looks to me like it does (as of 53d28f83390aed98fab4eed187eaf1edaa92c6d0). Is there a bug with the fake_user_data approach?

comment:3 Changed 5 years ago by Josh Schneier

Username isn’t included in fake user data and the validation runs inside of the for loop before all fields can be collected. I have failing test cases I just pushed up in a PR.

comment:4 Changed 5 years ago by Tim Graham

Triage Stage: UnreviewedAccepted

comment:5 Changed 5 years ago by Tim Graham

Has patch: set

PR

comment:6 Changed 5 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In 793e9bb3:

Fixed #29628 -- Made createsuperuser validate password against username and required fields.

comment:7 Changed 2 years ago by GitHub <noreply@…>

In da266b3:

Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

comment:8 Changed 2 years ago by Mariusz Felisiak <felisiak.mariusz@…>

In 224fa0bc:

[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main

Note: See TracTickets for help on using tickets.
Back to Top