Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #15371 -- Ensure that a superuser created with the createsuperu…

…ser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit b9a20d1e3bacd9e461dd8b82c219b5100c4b7876 1 parent 37343ba
Russell Keith-Magee authored February 22, 2011
3  django/contrib/auth/management/commands/createsuperuser.py
@@ -53,7 +53,8 @@ def handle(self, *args, **options):
53 53
             except exceptions.ValidationError:
54 54
                 raise CommandError("Invalid email address.")
55 55
 
56  
-        password = ''
  56
+        # If not provided, create the user with an unusable password
  57
+        password = None
57 58
 
58 59
         # Try to determine the current system user's username to use as a default.
59 60
         try:
9  django/contrib/auth/tests/basic.py
@@ -62,7 +62,9 @@ def test_createsuperuser_management_command(self):
62 62
         self.assertEqual(command_output, 'Superuser created successfully.')
63 63
         u = User.objects.get(username="joe")
64 64
         self.assertEquals(u.email, 'joe@somewhere.org')
65  
-        self.assertTrue(u.check_password(''))
  65
+
  66
+        # created password should be unusable
  67
+        self.assertFalse(u.has_usable_password())
66 68
 
67 69
         # We can supress output on the management command
68 70
         new_io = StringIO()
@@ -77,7 +79,8 @@ def test_createsuperuser_management_command(self):
77 79
         self.assertEqual(command_output, '')
78 80
         u = User.objects.get(username="joe2")
79 81
         self.assertEquals(u.email, 'joe2@somewhere.org')
80  
-        self.assertTrue(u.check_password(''))
  82
+        self.assertFalse(u.has_usable_password())
  83
+
81 84
 
82 85
         new_io = StringIO()
83 86
         call_command("createsuperuser",
@@ -88,5 +91,5 @@ def test_createsuperuser_management_command(self):
88 91
         )
89 92
         u = User.objects.get(username="joe+admin@somewhere.org")
90 93
         self.assertEquals(u.email, 'joe@somewhere.org')
91  
-        self.assertTrue(u.check_password(''))
  94
+        self.assertFalse(u.has_usable_password())
92 95
 

0 notes on commit b9a20d1

Please sign in to comment.
Something went wrong with that request. Please try again.