diff options
| author | Russell Keith-Magee <russell@keith-magee.com> | 2011-02-22 11:35:25 +0000 |
|---|---|---|
| committer | Russell Keith-Magee <russell@keith-magee.com> | 2011-02-22 11:35:25 +0000 |
| commit | 8ed8b249efa54d379f018b4ed906980c9865f0c1 (patch) | |
| tree | 8ba3eb2c5d07fd9a67d36839939917b7b8dcacb0 /django | |
| parent | e89c471ebb5ae2b55b3677a953759792fce84bc8 (diff) | |
| download | django-8ed8b249efa54d379f018b4ed906980c9865f0c1.tar.gz | |
[1.2.X] Fixed #15371 -- Ensure that a superuser created with the createsuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.
Backport of r15631 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15632 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/auth/management/commands/createsuperuser.py | 3 | ||||
| -rw-r--r-- | django/contrib/auth/tests/basic.py | 9 |
2 files changed, 8 insertions, 4 deletions
diff --git a/django/contrib/auth/management/commands/createsuperuser.py b/django/contrib/auth/management/commands/createsuperuser.py index 9939e3da77..9ab5526852 100644 --- a/django/contrib/auth/management/commands/createsuperuser.py +++ b/django/contrib/auth/management/commands/createsuperuser.py @@ -53,7 +53,8 @@ class Command(BaseCommand): except exceptions.ValidationError: raise CommandError("Invalid email address.") - password = '' + # If not provided, create the user with an unusable password + password = None # Try to determine the current system user's username to use as a default. try: diff --git a/django/contrib/auth/tests/basic.py b/django/contrib/auth/tests/basic.py index 7493dc68da..132e7f77f9 100644 --- a/django/contrib/auth/tests/basic.py +++ b/django/contrib/auth/tests/basic.py @@ -62,7 +62,9 @@ class BasicTestCase(TestCase): self.assertEqual(command_output, 'Superuser created successfully.') u = User.objects.get(username="joe") self.assertEquals(u.email, 'joe@somewhere.org') - self.assertTrue(u.check_password('')) + + # created password should be unusable + self.assertFalse(u.has_usable_password()) # We can supress output on the management command new_io = StringIO() @@ -77,7 +79,8 @@ class BasicTestCase(TestCase): self.assertEqual(command_output, '') u = User.objects.get(username="joe2") self.assertEquals(u.email, 'joe2@somewhere.org') - self.assertTrue(u.check_password('')) + self.assertFalse(u.has_usable_password()) + new_io = StringIO() call_command("createsuperuser", @@ -88,5 +91,5 @@ class BasicTestCase(TestCase): ) u = User.objects.get(username="joe+admin@somewhere.org") self.assertEquals(u.email, 'joe@somewhere.org') - self.assertTrue(u.check_password('')) + self.assertFalse(u.has_usable_password()) |