Allow to set unusable password via admin UI
Django allows to have user accounts with unusable passwords, either because authentication uses a different mechanism (e.g. LDAP) or because the User object is still needed (e.g. because it is referenced by a ForeignKey) but the user should no longer be allowed to log in.
However, this functionality is not available from the admin UI. When creating a user or changing the password I am forced to enter a password.
I propose to make the password fields optional in the Admin UI and set an unusable password if they are blank.
I am sorry if this has been discussed before. I looked before posting this but could not find anything.
PR
Change History
(19)
Triage Stage: |
Unreviewed → Accepted
|
Version: |
4.1 → dev
|
Cc: |
Carlton Gibson Sarah Boyce added
|
Owner: |
changed from nobody to SAHIL SANJAY CHALKE
|
Status: |
new → assigned
|
Owner: |
changed from SAHIL SANJAY CHALKE to Fabian Braun
|
Description: |
modified (diff)
|
Has patch: |
set
|
Needs documentation: |
set
|
Patch needs improvement: |
set
|
Needs documentation: |
unset
|
Patch needs improvement: |
unset
|
Needs tests: |
set
|
Patch needs improvement: |
set
|
Needs tests: |
unset
|
Patch needs improvement: |
unset
|
Patch needs improvement: |
set
|
Triage Stage: |
Accepted → Ready for checkin
|
Resolution: |
→ fixed
|
Status: |
assigned → closed
|
Thanks for the ticket. I agree that it would nice to add an option to create users with an unusable password in the admin, however, any implicit logic can be confusing here (see comment). Therefore, I'm not in favor of your proposal to:
Maybe a checkbox in the "Add user" form e.g. "Usable password" (checked by default) that would hide password fields when unchecked 🤔, or sth similar.
Tentatively accepted.