From b9a20d1e3bacd9e461dd8b82c219b5100c4b7876 Mon Sep 17 00:00:00 2001 From: Russell Keith-Magee Date: Tue, 22 Feb 2011 11:33:04 +0000 Subject: [PATCH] Fixed #15371 -- Ensure that a superuser created with the createsuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15631 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- .../contrib/auth/management/commands/createsuperuser.py | 3 ++- django/contrib/auth/tests/basic.py | 9 ++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/django/contrib/auth/management/commands/createsuperuser.py b/django/contrib/auth/management/commands/createsuperuser.py index 9939e3da77..9ab5526852 100644 --- a/django/contrib/auth/management/commands/createsuperuser.py +++ b/django/contrib/auth/management/commands/createsuperuser.py @@ -53,7 +53,8 @@ class Command(BaseCommand): except exceptions.ValidationError: raise CommandError("Invalid email address.") - password = '' + # If not provided, create the user with an unusable password + password = None # Try to determine the current system user's username to use as a default. try: diff --git a/django/contrib/auth/tests/basic.py b/django/contrib/auth/tests/basic.py index 7493dc68da..132e7f77f9 100644 --- a/django/contrib/auth/tests/basic.py +++ b/django/contrib/auth/tests/basic.py @@ -62,7 +62,9 @@ class BasicTestCase(TestCase): self.assertEqual(command_output, 'Superuser created successfully.') u = User.objects.get(username="joe") self.assertEquals(u.email, 'joe@somewhere.org') - self.assertTrue(u.check_password('')) + + # created password should be unusable + self.assertFalse(u.has_usable_password()) # We can supress output on the management command new_io = StringIO() @@ -77,7 +79,8 @@ class BasicTestCase(TestCase): self.assertEqual(command_output, '') u = User.objects.get(username="joe2") self.assertEquals(u.email, 'joe2@somewhere.org') - self.assertTrue(u.check_password('')) + self.assertFalse(u.has_usable_password()) + new_io = StringIO() call_command("createsuperuser", @@ -88,5 +91,5 @@ class BasicTestCase(TestCase): ) u = User.objects.get(username="joe+admin@somewhere.org") self.assertEquals(u.email, 'joe@somewhere.org') - self.assertTrue(u.check_password('')) + self.assertFalse(u.has_usable_password())