summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-08-10 15:52:16 -0400
committerTim Graham <timograham@gmail.com>2016-08-10 15:52:37 -0400
commit3fff7d3abb295a7622fa6f4ab6ca6719b48beb9a (patch)
tree4bc8c6fa9a85c6f0f4ad32111f1612aa732b127f /docs
parent025498531714d4c3c82724493754f7b2b4ca329a (diff)
[1.10.x] Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.
Backport of 796cc620269bcefa36e7bbf5f1a63855f00b8ea8 from master
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth/passwords.txt8
1 files changed, 7 insertions, 1 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index dc0e0e2945..12ab1d2fbd 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -469,11 +469,17 @@ meet the requirements, and optionally receive passwords that have been set.
Validators can also have optional settings to fine tune their behavior.
Validation is controlled by the :setting:`AUTH_PASSWORD_VALIDATORS` setting.
-By default, validators are used in the forms to reset or change passwords.
The default for the setting is an empty list, which means no validators are
applied. In new projects created with the default :djadmin:`startproject`
template, a simple set of validators is enabled.
+By default, validators are used in the forms to reset or change passwords and
+in the :djadmin:`createsuperuser` and :djadmin:`changepassword` management
+commands. Validators aren't applied at the model level, for example in
+``User.objects.create_user()`` and ``create_superuser()``, because we assume
+that developers, not users, interact with Django at that level and also because
+model validation doesn't automatically run as part of creating models.
+
.. note::
Password validation can prevent the use of many types of weak passwords.