Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.2.X] Fixed #15371 -- Ensure that a superuser created with the crea…

…tesuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.

Backport of r15631 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15632 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 8ed8b249efa54d379f018b4ed906980c9865f0c1 1 parent e89c471
@freakboy3742 freakboy3742 authored
View
3  django/contrib/auth/management/commands/createsuperuser.py
@@ -53,7 +53,8 @@ def handle(self, *args, **options):
except exceptions.ValidationError:
raise CommandError("Invalid email address.")
- password = ''
+ # If not provided, create the user with an unusable password
+ password = None
# Try to determine the current system user's username to use as a default.
try:
View
9 django/contrib/auth/tests/basic.py
@@ -62,7 +62,9 @@ def test_createsuperuser_management_command(self):
self.assertEqual(command_output, 'Superuser created successfully.')
u = User.objects.get(username="joe")
self.assertEquals(u.email, 'joe@somewhere.org')
- self.assertTrue(u.check_password(''))
+
+ # created password should be unusable
+ self.assertFalse(u.has_usable_password())
# We can supress output on the management command
new_io = StringIO()
@@ -77,7 +79,8 @@ def test_createsuperuser_management_command(self):
self.assertEqual(command_output, '')
u = User.objects.get(username="joe2")
self.assertEquals(u.email, 'joe2@somewhere.org')
- self.assertTrue(u.check_password(''))
+ self.assertFalse(u.has_usable_password())
+
new_io = StringIO()
call_command("createsuperuser",
@@ -88,5 +91,5 @@ def test_createsuperuser_management_command(self):
)
u = User.objects.get(username="joe+admin@somewhere.org")
self.assertEquals(u.email, 'joe@somewhere.org')
- self.assertTrue(u.check_password(''))
+ self.assertFalse(u.has_usable_password())
Please sign in to comment.
Something went wrong with that request. Please try again.