Opened 6 years ago

Closed 6 years ago

Last modified 3 years ago

#29628 closed Bug (fixed)

createsuperuser does not validate password against username or other required fields

Reported by: Josh Schneier Owned by: Josh Schneier
Component: contrib.auth Version: 2.1
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description


Change History (8)

comment:1 by Josh Schneier, 6 years ago

Owner: changed from nobody to Josh Schneier
Status: newassigned

comment:2 by Tim Graham, 6 years ago

Summary: Createsuperuser does not validate password against username or other required fieldscreatesuperuser does not validate password against username or other required fields

It looks to me like it does (as of 53d28f83390aed98fab4eed187eaf1edaa92c6d0). Is there a bug with the fake_user_data approach?

comment:3 by Josh Schneier, 6 years ago

Username isn’t included in fake user data and the validation runs inside of the for loop before all fields can be collected. I have failing test cases I just pushed up in a PR.

comment:4 by Tim Graham, 6 years ago

Triage Stage: UnreviewedAccepted

comment:5 by Tim Graham, 6 years ago

Has patch: set

comment:6 by Tim Graham <timograham@…>, 6 years ago

Resolution: fixed
Status: assignedclosed

In 793e9bb3:

Fixed #29628 -- Made createsuperuser validate password against username and required fields.

comment:7 by GitHub <noreply@…>, 3 years ago

In da266b3:

Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

comment:8 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

In 224fa0bc:

[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main

Note: See TracTickets for help on using tickets.
Back to Top