diff --git a/django/contrib/auth/management/commands/changepassword.py b/django/contrib/auth/management/commands/changepassword.py new file mode 100644 index 0000000000..56448f1424 --- /dev/null +++ b/django/contrib/auth/management/commands/changepassword.py @@ -0,0 +1,48 @@ +from django.core.management.base import BaseCommand, CommandError +from django.contrib.auth.models import User +import getpass + +class Command(BaseCommand): + help = "Change a user's password for django.contrib.auth." + + requires_model_validation = False + + def _get_pass(self, prompt="Password: "): + p = getpass.getpass(prompt=prompt) + if not p: + raise CommandError("aborted") + return p + + def handle(self, *args, **options): + if len(args) > 1: + raise CommandError("need exactly one or zero arguments for username") + + if args: + username, = args + else: + username = getpass.getuser() + + try: + u = User.objects.get(username=username) + except User.DoesNotExist: + raise CommandError("user '%s' does not exist" % username) + + print "Changing password for user '%s'" % u.username + + MAX_TRIES = 3 + count = 0 + p1, p2 = 1, 2 # To make them initially mismatch. + while p1 != p2 and count < MAX_TRIES: + p1 = self._get_pass() + p2 = self._get_pass("Password (again): ") + if p1 != p2: + print "Passwords do not match. Please try again." + count = count + 1 + + if count == MAX_TRIES: + raise CommandError("Aborting password change for user '%s' after %s attempts" % (username, count)) + + u.set_password(p1) + u.save() + + return "Password changed successfully for user '%s'" % u.username diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index ab9d268fe1..0e7e264dc0 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -25,7 +25,7 @@ The auth system consists of: .. deprecated:: 1.2 The Messages component of the auth system will be removed in Django 1.4. - + Installation ============ @@ -243,7 +243,7 @@ Methods .. method:: models.User.has_perms(perm_list, obj=None) Returns ``True`` if the user has each of the specified permissions, - where each perm is in the format + where each perm is in the format ``"."``. If the user is inactive, this method will always return ``False``. @@ -351,7 +351,18 @@ Django requires add *and* change permissions as a slight security measure. Changing passwords ~~~~~~~~~~~~~~~~~~ -Change a password with :meth:`~django.contrib.auth.models.User.set_password()`: +.. versionadded:: 1.2 + The ``manage.py change_password`` command was added. + +:djadmin:`manage.py change_password ` offers a method of +changing a User's password from the command line. It prompts you to +change the password of a given user which you must enter twice. If +they both match, the new password will be changed immediately. If you +do not supply a user, the command will attempt to change the password +whose username matches the current user. + +You can also change a password programmatically, using +:meth:`~django.contrib.auth.models.User.set_password()`: .. code-block:: python