Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.

Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review.
2025-10-24 06:06:09 +00:00 · 2024-08-15 10:27:24 -03:00
parent b60fd8722f
commit 0ebed5fa95
6 changed files with 174 additions and 88 deletions
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -1645,6 +1645,23 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
        Option to disable (or reenable) password-based authentication was
        added.

+.. class:: AdminUserCreationForm
+
+    .. versionadded:: 5.1.1
+
+    A form used in the admin interface to create a new user. Inherits from
+    :class:`UserCreationForm`.
+
+    It includes an additional ``usable_password`` field, enabled by default. If
+    ``usable_password`` is enabled, it verifies that ``password1`` and
+    ``password2`` are non empty and match, validates the password using
+    :func:`~django.contrib.auth.password_validation.validate_password`, and
+    sets the user's password using
+    :meth:`~django.contrib.auth.models.User.set_password()`.
+    If ``usable_password`` is disabled, no password validation is done, and
+    password-based authentication is disabled for the user by calling
+    :meth:`~django.contrib.auth.models.User.set_unusable_password()`.
+
 .. class:: AuthenticationForm

    A form for logging a user in.
@@ -1735,21 +1752,12 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
    A :class:`~django.forms.ModelForm` for creating a new user. This is the
    recommended base class if you need to customize the user creation form.

-    It has four fields: ``username`` (from the user model), ``password1``,
-    ``password2``, and ``usable_password`` (the latter is enabled by default).
-    If ``usable_password`` is enabled, it verifies that ``password1`` and
-    ``password2`` are non empty and match, validates the password using
+    It has three fields: ``username`` (from the user model), ``password1``,
+    and ``password2``. It verifies that ``password1`` and ``password2`` match,
+    validates the password using
    :func:`~django.contrib.auth.password_validation.validate_password`, and
    sets the user's password using
    :meth:`~django.contrib.auth.models.User.set_password()`.
-    If ``usable_password`` is disabled, no password validation is done, and
-    password-based authentication is disabled for the user by calling
-    :meth:`~django.contrib.auth.models.User.set_unusable_password()`.
-
-    .. versionchanged:: 5.1
-
-        Option to create users with disabled password-based authentication was
-        added.

 .. class:: UserCreationForm