Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.

Thanks Carl Meyer for review.

1 files changed, 16 insertions, 0 deletions

diff --git a/django/contrib/auth/base_user.py b/django/contrib/auth/base_user.py
index b279e152ae..31fec4f723 100644
--- a/django/contrib/auth/base_user.py
+++ b/django/contrib/auth/base_user.py
@@ -4,6 +4,7 @@ not in INSTALLED_APPS.
 """
 from __future__ import unicode_literals
 
+from django.contrib.auth import password_validation
 from django.contrib.auth.hashers import (
     check_password, is_password_usable, make_password,
 )
@@ -60,9 +61,21 @@ class AbstractBaseUser(models.Model):
         "Return the identifying username for this User"
         return getattr(self, self.USERNAME_FIELD)
 
+    def __init__(self, *args, **kwargs):
+        super(AbstractBaseUser, self).__init__(*args, **kwargs)
+        # Stores the raw password if set_password() is called so that it can
+        # be passed to password_changed() after the model is saved.
+        self._password = None
+
     def __str__(self):
         return self.get_username()
 
+    def save(self, *args, **kwargs):
+        super(AbstractBaseUser, self).save(*args, **kwargs)
+        if self._password is not None:
+            password_validation.password_changed(self._password, self)
+            self._password = None
+
     def natural_key(self):
         return (self.get_username(),)
 
@@ -82,6 +95,7 @@ class AbstractBaseUser(models.Model):
 
     def set_password(self, raw_password):
         self.password = make_password(raw_password)
+        self._password = raw_password
 
     def check_password(self, raw_password):
         """
@@ -90,6 +104,8 @@ class AbstractBaseUser(models.Model):
         """
         def setter(raw_password):
             self.set_password(raw_password)
+            # Password hash upgrades shouldn't be considered password changes.
+            self._password = None
             self.save(update_fields=["password"])
         return check_password(raw_password, self.password, setter)