summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorJosh Schneier <josh.schneier@gmail.com>2018-08-02 13:29:48 -0400
committerTim Graham <timograham@gmail.com>2018-08-04 08:44:25 -0400
commit793e9bb35af34aa11320866bcc6ad8edaf1480a7 (patch)
tree7491d0df04353c14a5cb1148bef8ea8a802e38b1 /django
parentf1fbef6cd171ddfae41fcc901f1f60ccad039f51 (diff)
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
Diffstat (limited to 'django')
-rw-r--r--django/contrib/auth/management/commands/createsuperuser.py57
1 files changed, 30 insertions, 27 deletions
diff --git a/django/contrib/auth/management/commands/createsuperuser.py b/django/contrib/auth/management/commands/createsuperuser.py
index fb3cda7662..541711606c 100644
--- a/django/contrib/auth/management/commands/createsuperuser.py
+++ b/django/contrib/auth/management/commands/createsuperuser.py
@@ -108,6 +108,11 @@ class Command(BaseCommand):
if error_msg:
raise CommandError(error_msg)
+ user_data[self.UserModel.USERNAME_FIELD] = username
+ fake_user_data[self.UserModel.USERNAME_FIELD] = (
+ self.username_field.remote_field.model(username) if self.username_field.remote_field
+ else username
+ )
# Prompt for required fields.
for field_name in self.UserModel.REQUIRED_FIELDS:
if not options['interactive']:
@@ -134,28 +139,33 @@ class Command(BaseCommand):
# Wrap any foreign keys in fake model instances
if field.remote_field:
fake_user_data[field_name] = field.remote_field.model(input_value)
- # Prompt for a password.
- while password is None:
- password = getpass.getpass()
- password2 = getpass.getpass('Password (again): ')
- if password != password2:
- self.stderr.write("Error: Your passwords didn't match.")
- password = None
- # Don't validate passwords that don't match.
- continue
- if password.strip() == '':
- self.stderr.write("Error: Blank passwords aren't allowed.")
+ if options['interactive']:
+ # Prompt for a password.
+ while password is None:
+ password = getpass.getpass()
+ password2 = getpass.getpass('Password (again): ')
+ if password != password2:
+ self.stderr.write("Error: Your passwords didn't match.")
+ password = None
+ # Don't validate passwords that don't match.
+ continue
+ if password.strip() == '':
+ self.stderr.write("Error: Blank passwords aren't allowed.")
+ password = None
+ # Don't validate blank passwords.
+ continue
+ try:
+ validate_password(password2, self.UserModel(**fake_user_data))
+ except exceptions.ValidationError as err:
+ self.stderr.write('\n'.join(err.messages))
+ response = input('Bypass password validation and create user anyway? [y/N]: ')
+ if response.lower() != 'y':
password = None
- # Don't validate blank passwords.
- continue
- try:
- validate_password(password2, self.UserModel(**fake_user_data))
- except exceptions.ValidationError as err:
- self.stderr.write('\n'.join(err.messages))
- response = input('Bypass password validation and create user anyway? [y/N]: ')
- if response.lower() != 'y':
- password = None
+ user_data['password'] = password
+ self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
+ if options['verbosity'] >= 1:
+ self.stdout.write("Superuser created successfully.")
except KeyboardInterrupt:
self.stderr.write('\nOperation cancelled.')
sys.exit(1)
@@ -168,13 +178,6 @@ class Command(BaseCommand):
'to create one manually.'
)
- if username:
- user_data[self.UserModel.USERNAME_FIELD] = username
- user_data['password'] = password
- self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
- if options['verbosity'] >= 1:
- self.stdout.write("Superuser created successfully.")
-
def get_input_data(self, field, message, default=None):
"""
Override this method if you want to customize data inputs or