Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.

This commit is contained in:
Mariusz Felisiak 2021-10-12 06:21:14 +02:00 committed by GitHub
parent 5b0f1f95d0
commit da266b3c5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 3 deletions

View File

@ -134,13 +134,13 @@ class Command(BaseCommand):
self.stderr.write('Error: This field cannot be blank.') self.stderr.write('Error: This field cannot be blank.')
continue continue
user_data[field_name] = [pk.strip() for pk in input_value.split(',')] user_data[field_name] = [pk.strip() for pk in input_value.split(',')]
if not field.many_to_many:
fake_user_data[field_name] = input_value
# Wrap any foreign keys in fake model instances # Wrap any foreign keys in fake model instances
if field.many_to_one: if field.many_to_one:
fake_user_data[field_name] = field.remote_field.model(input_value) fake_user_data[field_name] = field.remote_field.model(input_value)
if not field.many_to_many and field_name not in fake_user_data:
fake_user_data[field_name] = user_data[field_name]
# Prompt for a password if the model has one. # Prompt for a password if the model has one.
while PASSWORD_FIELD in user_data and user_data[PASSWORD_FIELD] is None: while PASSWORD_FIELD in user_data and user_data[PASSWORD_FIELD] is None:
password = getpass.getpass() password = getpass.getpass()

View File

@ -713,6 +713,46 @@ class CreatesuperuserManagementCommandTestCase(TestCase):
test(self) test(self)
@override_settings(
AUTH_USER_MODEL='auth_tests.CustomUser',
AUTH_PASSWORD_VALIDATORS=[
{'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
]
)
def test_validate_password_against_required_fields_via_option(self):
new_io = StringIO()
first_name = 'josephine'
entered_passwords = [
first_name, first_name,
'superduperunguessablepassword', 'superduperunguessablepassword',
]
def bad_then_good_password():
return entered_passwords.pop(0)
@mock_inputs({
'password': bad_then_good_password,
'bypass': 'n',
})
def test(self):
call_command(
'createsuperuser',
interactive=True,
first_name=first_name,
date_of_birth='1970-01-01',
email='joey@example.com',
stdin=MockTTY(),
stdout=new_io,
stderr=new_io,
)
self.assertEqual(
new_io.getvalue().strip(),
'The password is too similar to the first name.\n'
'Superuser created successfully.'
)
test(self)
def test_blank_username(self): def test_blank_username(self):
"""Creation fails if --username is blank.""" """Creation fails if --username is blank."""
new_io = StringIO() new_io = StringIO()