p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.

This commit is contained in:
Tim Graham 2016-08-10 15:52:16 -04:00 committed by GitHub
parent 176f27049e
commit 796cc62026
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/topics/auth/passwords.txt
View File

@ -461,11 +461,17 @@ meet the requirements, and optionally receive passwords that have been set.
Validators can also have optional settings to fine tune their behavior. Validators can also have optional settings to fine tune their behavior.
Validation is controlled by the :setting:`AUTH_PASSWORD_VALIDATORS` setting. Validation is controlled by the :setting:`AUTH_PASSWORD_VALIDATORS` setting.
By default, validators are used in the forms to reset or change passwords.
The default for the setting is an empty list, which means no validators are The default for the setting is an empty list, which means no validators are
applied. In new projects created with the default :djadmin:`startproject` applied. In new projects created with the default :djadmin:`startproject`
template, a simple set of validators is enabled. template, a simple set of validators is enabled.
By default, validators are used in the forms to reset or change passwords and
in the :djadmin:`createsuperuser` and :djadmin:`changepassword` management
commands. Validators aren't applied at the model level, for example in
``User.objects.create_user()`` and ``create_superuser()``, because we assume
that developers, not users, interact with Django at that level and also because
model validation doesn't automatically run as part of creating models.
.. note:: .. note::
Password validation can prevent the use of many types of weak passwords. Password validation can prevent the use of many types of weak passwords.