Opened 3 years ago

Closed 3 years ago

#33178 closed Bug (fixed)

createsuperuser does not validate REQUIRED_FIELDS values in interactive mode when passed by command-line.

Reported by: Christophe Henry Owned by: Christophe Henry
Component: contrib.auth Version: 3.2
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

createsuperuser command will alway perform a field validation using field.clean when creating a new user. In non-interactive mode, it is done here. In interactive mode, it is performed in `get_input_data` when the value is requested from input. But if the valued was passed using -- command, the field is never validated.

The consequence is it ends up passing a non-validated string to `UserManager.create_superuser` instead of a integer corresponding to an actual PK in DB.

Change History (10)

comment:1 by Mariusz Felisiak, 3 years ago

Has patch: set
Owner: changed from nobody to Christophe Henry
Status: newassigned
Summary: `creratesuperuser` does not validate `REQUIRED_FIELDS` fields value in interactive mode when passed by command-linecreatesuperuser does not validate REQUIRED_FIELDS values in interactive mode when passed by command-line.
Triage Stage: UnreviewedAccepted
Type: UncategorizedBug

comment:2 by Mariusz Felisiak, 3 years ago

Needs tests: set
Patch needs improvement: set

comment:3 by GitHub <noreply@…>, 3 years ago

In da266b3:

Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

comment:4 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

In 224fa0bc:

[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main

comment:5 by Mariusz Felisiak, 3 years ago

Needs tests: unset
Patch needs improvement: unset

comment:6 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

In 57273e15:

Refs #33178 -- Added createsuperuser tests for validation of foreign keys.

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

Resolution: fixed
Status: assignedclosed

In b1b26b3:

Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode.

comment:8 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

In 048fbf9c:

[4.0.x] Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode.

Backport of b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a from main.

comment:9 by Christophe Henry, 3 years ago

Has patch: unset
Resolution: fixed
Status: closednew
Version: 3.13.2

The fixes for this bug were never backported to Django 3.

comment:10 by Mariusz Felisiak, 3 years ago

Has patch: set
Resolution: fixed
Status: newclosed

Please don't reopen closed tickets. This issue is not a regression in Django 3.2, per our backporting policy this means it doesn't qualify for a backport to 3.2.x anymore. See Django’s release process for more details.

Note: See TracTickets for help on using tickets.
Back to Top