Allow to set unusable password via admin UI

[Tobias Bengfort]

Django allows to have user accounts with unusable passwords, either because authentication uses a different mechanism (e.g. LDAP) or because the User object is still needed (e.g. because it is referenced by a ForeignKey) but the user should no longer be allowed to log in.

However, this functionality is not available from the admin UI. When creating a user or changing the password I am forced to enter a password.

I propose to make the password fields optional in the Admin UI and set an unusable password if they are blank.

I am sorry if this has been discussed before. I looked before posting this but could not find anything.

​PR

[Mariusz Felisiak]

Thanks for the ticket. I agree that it would nice to add an option to create users with an unusable password in the admin, however, any implicit logic can be confusing here (see comment). Therefore, I'm not in favor of your proposal to:

... make the password fields optional in the Admin UI and set an unusable password if they are blank.

Maybe a checkbox in the "Add user" form e.g. "Usable password" (checked by default) that would hide password fields when unchecked 🤔, or sth similar.

Tentatively accepted.

[SAHIL SANJAY CHALKE]

i am starting to work on the project

[Fabian Braun]

Have a working solution. Will add tests and create a PR.

The checkbox field is called "Allow login" to clearly indicate that users w/o password will not be able to log in. Please let me know if "Usable password" is deemed a better label.

The password fields are only visible and validated if the checkbox is set.

[Fabian Braun]

Patch here: ​https://github.com/django/django/pull/16942