Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

After discussing with Malcolm, added set_unusable_password() and has_…

…usable_password() methods to the User object, plus tests and updated documentation

git-svn-id: http://code.djangoproject.com/svn/django/trunk@5771 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit fd2b99b5f122911b895987329507ee419a159a2c 1 parent 5b898f3
authored July 28, 2007
19  django/contrib/auth/models.py
@@ -7,6 +7,8 @@
7 7
 import datetime
8 8
 import urllib
9 9
 
  10
+UNUSABLE_PASSWORD = '!' # This will never be a valid hash
  11
+
10 12
 try:
11 13
     set
12 14
 except NameError:
@@ -83,11 +85,14 @@ def __unicode__(self):
83 85
         return self.name
84 86
 
85 87
 class UserManager(models.Manager):
86  
-    def create_user(self, username, email, password):
  88
+    def create_user(self, username, email, password=None):
87 89
         "Creates and saves a User with the given username, e-mail and password."
88 90
         now = datetime.datetime.now()
89 91
         user = self.model(None, username, '', '', email.strip().lower(), 'placeholder', False, True, False, now, now)
90  
-        user.set_password(password)
  92
+        if password:
  93
+            user.set_password(password)
  94
+        else:
  95
+            user.set_unusable_password()
91 96
         user.save()
92 97
         return user
93 98
 
@@ -179,6 +184,13 @@ def check_password(self, raw_password):
179 184
             return is_correct
180 185
         return check_password(raw_password, self.password)
181 186
 
  187
+    def set_unusable_password(self):
  188
+        # Sets a value that will never be a valid hash
  189
+        self.password = UNUSABLE_PASSWORD
  190
+
  191
+    def has_usable_password(self):
  192
+        return self.password != UNUSABLE_PASSWORD
  193
+
182 194
     def get_group_permissions(self):
183 195
         "Returns a list of permission strings that this user has through his/her groups."
184 196
         if not hasattr(self, '_group_perm_cache'):
@@ -268,7 +280,8 @@ def get_profile(self):
268 280
         return self._profile_cache
269 281
 
270 282
 class Message(models.Model):
271  
-    """The message system is a lightweight way to queue messages for given users. A message is associated with a User instance (so it is only applicable for registered users). There's no concept of expiration or timestamps. Messages are created by the Django admin after successful actions. For example, "The poll Foo was created successfully." is a message.
  283
+    """
  284
+    The message system is a lightweight way to queue messages for given users. A message is associated with a User instance (so it is only applicable for registered users). There's no concept of expiration or timestamps. Messages are created by the Django admin after successful actions. For example, "The poll Foo was created successfully." is a message.
272 285
     """
273 286
     user = models.ForeignKey(User)
274 287
     message = models.TextField(_('message'))
19  django/contrib/auth/tests.py
... ...
@@ -0,0 +1,19 @@
  1
+"""
  2
+>>> from models import User
  3
+>>> u = User.objects.create_user('testuser', 'test@example.com', 'testpw')
  4
+>>> u.has_usable_password()
  5
+True
  6
+>>> u.check_password('bad')
  7
+False
  8
+>>> u.check_password('testpw')
  9
+True
  10
+>>> u.set_unusable_password()
  11
+>>> u.save()
  12
+>>> u.check_password('testpw')
  13
+False
  14
+>>> u.has_usable_password()
  15
+False
  16
+>>> u2 = User.objects.create_user('testuser2', 'test2@example.com')
  17
+>>> u2.has_usable_password()
  18
+False
  19
+"""
19  docs/authentication.txt
@@ -114,6 +114,17 @@ custom methods:
114 114
       string is the correct password for the user. (This takes care of the
115 115
       password hashing in making the comparison.)
116 116
 
  117
+    * ``set_unusable_password()`` -- Marks the user as having no password set. 
  118
+      This isn't the same as having a blank string for a password.
  119
+      ``check_password()`` for this user will never return ``True``. Doesn't 
  120
+      save the ``User`` object.
  121
+      
  122
+      You may need this if authentication for your application takes place  
  123
+      against an existing external source such as an LDAP directory.
  124
+
  125
+    * ``has_usable_password()`` -- Returns ``False`` if 
  126
+      ``set_unusable_password()`` has been called for this user.
  127
+
117 128
     * ``get_group_permissions()`` -- Returns a list of permission strings that
118 129
       the user has, through his/her groups.
119 130
 
@@ -152,9 +163,11 @@ Manager functions
152 163
 
153 164
 The ``User`` model has a custom manager that has the following helper functions:
154 165
 
155  
-    * ``create_user(username, email, password)`` -- Creates, saves and returns
156  
-      a ``User``. The ``username``, ``email`` and ``password`` are set as
157  
-      given, and the ``User`` gets ``is_active=True``.
  166
+    * ``create_user(username, email, password=None)`` -- Creates, saves and 
  167
+      returns a ``User``. The ``username``, ``email`` and ``password`` are set
  168
+      as given, and the ``User`` gets ``is_active=True``.
  169
+      
  170
+      If no password is provided, ``set_unusable_password()`` will be called.
158 171
 
159 172
       See _`Creating users` for example usage.
160 173
 

0 notes on commit fd2b99b

Please sign in to comment.
Something went wrong with that request. Please try again.