From 8ed8b249efa54d379f018b4ed906980c9865f0c1 Mon Sep 17 00:00:00 2001
From: Russell Keith-Magee <russell@keith-magee.com>
Date: Tue, 22 Feb 2011 11:35:25 +0000
Subject: [PATCH] [1.2.X] Fixed #15371 -- Ensure that a superuser created with
 the createsuperuser management command with --noinput has an invalid
 password, not a blank password. Thanks to yishaibeeri for the report and
 patch.

Backport of r15631 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15632 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 .../contrib/auth/management/commands/createsuperuser.py  | 3 ++-
 django/contrib/auth/tests/basic.py                       | 9 ++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/django/contrib/auth/management/commands/createsuperuser.py b/django/contrib/auth/management/commands/createsuperuser.py
index 9939e3da77..9ab5526852 100644
--- a/django/contrib/auth/management/commands/createsuperuser.py
+++ b/django/contrib/auth/management/commands/createsuperuser.py
@@ -53,7 +53,8 @@ class Command(BaseCommand):
             except exceptions.ValidationError:
                 raise CommandError("Invalid email address.")
 
-        password = ''
+        # If not provided, create the user with an unusable password
+        password = None
 
         # Try to determine the current system user's username to use as a default.
         try:
diff --git a/django/contrib/auth/tests/basic.py b/django/contrib/auth/tests/basic.py
index 7493dc68da..132e7f77f9 100644
--- a/django/contrib/auth/tests/basic.py
+++ b/django/contrib/auth/tests/basic.py
@@ -62,7 +62,9 @@ class BasicTestCase(TestCase):
         self.assertEqual(command_output, 'Superuser created successfully.')
         u = User.objects.get(username="joe")
         self.assertEquals(u.email, 'joe@somewhere.org')
-        self.assertTrue(u.check_password(''))
+
+        # created password should be unusable
+        self.assertFalse(u.has_usable_password())
 
         # We can supress output on the management command
         new_io = StringIO()
@@ -77,7 +79,8 @@ class BasicTestCase(TestCase):
         self.assertEqual(command_output, '')
         u = User.objects.get(username="joe2")
         self.assertEquals(u.email, 'joe2@somewhere.org')
-        self.assertTrue(u.check_password(''))
+        self.assertFalse(u.has_usable_password())
+
 
         new_io = StringIO()
         call_command("createsuperuser",
@@ -88,5 +91,5 @@ class BasicTestCase(TestCase):
         )
         u = User.objects.get(username="joe+admin@somewhere.org")
         self.assertEquals(u.email, 'joe@somewhere.org')
-        self.assertTrue(u.check_password(''))
+        self.assertFalse(u.has_usable_password())