Fixed #7833 -- Improved UserCreationForm password validation

Make UserCreationForm password validation similar to
SetPasswordForm and AdminPasswordChangeForm, so as the match
check is only done when both passwords are supplied.
Thanks Mitar for the suggestion.

django/contrib/auth/forms.py

@@ -89,9 +89,9 @@ class UserCreationForm(forms.ModelForm):
         raise forms.ValidationError(self.error_messages['duplicate_username'])
 
     def clean_password2(self):
-        password1 = self.cleaned_data.get("password1", "")
+        password1 = self.cleaned_data.get("password1")
-        password2 = self.cleaned_data["password2"]
+        password2 = self.cleaned_data.get("password2")
-        if password1 != password2:
+        if password1 and password2 and password1 != password2:
             raise forms.ValidationError(
                 self.error_messages['password_mismatch'])
         return password2

django/contrib/auth/tests/forms.py

@@ -65,6 +65,7 @@ class UserCreationFormTest(TestCase):
         form = UserCreationForm(data)
         self.assertFalse(form.is_valid())
         self.assertEqual(form['password1'].errors, required_error)
+        self.assertEqual(form['password2'].errors, [])
 
     def test_success(self):
         # The success case.