[1.2.X] Fixed #15371 -- Ensure that a superuser created with the createsuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.

Backport of r15631 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15632 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/auth/management/commands/createsuperuser.py

@@ -53,7 +53,8 @@ class Command(BaseCommand):
             except exceptions.ValidationError:
                 raise CommandError("Invalid email address.")
 
-        password = ''
+        # If not provided, create the user with an unusable password
+        password = None
 
         # Try to determine the current system user's username to use as a default.
         try:

django/contrib/auth/tests/basic.py

@@ -62,7 +62,9 @@ class BasicTestCase(TestCase):
         self.assertEqual(command_output, 'Superuser created successfully.')
         u = User.objects.get(username="joe")
         self.assertEquals(u.email, 'joe@somewhere.org')
-        self.assertTrue(u.check_password(''))
+
+        # created password should be unusable
+        self.assertFalse(u.has_usable_password())
 
         # We can supress output on the management command
         new_io = StringIO()
@@ -77,7 +79,8 @@ class BasicTestCase(TestCase):
         self.assertEqual(command_output, '')
         u = User.objects.get(username="joe2")
         self.assertEquals(u.email, 'joe2@somewhere.org')
-        self.assertTrue(u.check_password(''))
+        self.assertFalse(u.has_usable_password())
+
 
         new_io = StringIO()
         call_command("createsuperuser",
@@ -88,5 +91,5 @@ class BasicTestCase(TestCase):
         )
         u = User.objects.get(username="joe+admin@somewhere.org")
         self.assertEquals(u.email, 'joe@somewhere.org')
-        self.assertTrue(u.check_password(''))
+        self.assertFalse(u.has_usable_password())