mirror of
				https://github.com/django/django.git
				synced 2025-10-26 15:16:09 +00:00 
			
		
		
		
	[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.
Backport of da266b3c5c from main
			
			
This commit is contained in:
		| @@ -134,13 +134,13 @@ class Command(BaseCommand): | |||||||
|                                 self.stderr.write('Error: This field cannot be blank.') |                                 self.stderr.write('Error: This field cannot be blank.') | ||||||
|                                 continue |                                 continue | ||||||
|                             user_data[field_name] = [pk.strip() for pk in input_value.split(',')] |                             user_data[field_name] = [pk.strip() for pk in input_value.split(',')] | ||||||
|                         if not field.many_to_many: |  | ||||||
|                             fake_user_data[field_name] = input_value |  | ||||||
|  |  | ||||||
|                         # Wrap any foreign keys in fake model instances |                         # Wrap any foreign keys in fake model instances | ||||||
|                         if field.many_to_one: |                         if field.many_to_one: | ||||||
|                             fake_user_data[field_name] = field.remote_field.model(input_value) |                             fake_user_data[field_name] = field.remote_field.model(input_value) | ||||||
|  |  | ||||||
|  |                     if not field.many_to_many and field_name not in fake_user_data: | ||||||
|  |                         fake_user_data[field_name] = user_data[field_name] | ||||||
|  |  | ||||||
|                 # Prompt for a password if the model has one. |                 # Prompt for a password if the model has one. | ||||||
|                 while PASSWORD_FIELD in user_data and user_data[PASSWORD_FIELD] is None: |                 while PASSWORD_FIELD in user_data and user_data[PASSWORD_FIELD] is None: | ||||||
|                     password = getpass.getpass() |                     password = getpass.getpass() | ||||||
|   | |||||||
| @@ -713,6 +713,46 @@ class CreatesuperuserManagementCommandTestCase(TestCase): | |||||||
|  |  | ||||||
|         test(self) |         test(self) | ||||||
|  |  | ||||||
|  |     @override_settings( | ||||||
|  |         AUTH_USER_MODEL='auth_tests.CustomUser', | ||||||
|  |         AUTH_PASSWORD_VALIDATORS=[ | ||||||
|  |             {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'}, | ||||||
|  |         ] | ||||||
|  |     ) | ||||||
|  |     def test_validate_password_against_required_fields_via_option(self): | ||||||
|  |         new_io = StringIO() | ||||||
|  |         first_name = 'josephine' | ||||||
|  |         entered_passwords = [ | ||||||
|  |             first_name, first_name, | ||||||
|  |             'superduperunguessablepassword', 'superduperunguessablepassword', | ||||||
|  |         ] | ||||||
|  |  | ||||||
|  |         def bad_then_good_password(): | ||||||
|  |             return entered_passwords.pop(0) | ||||||
|  |  | ||||||
|  |         @mock_inputs({ | ||||||
|  |             'password': bad_then_good_password, | ||||||
|  |             'bypass': 'n', | ||||||
|  |         }) | ||||||
|  |         def test(self): | ||||||
|  |             call_command( | ||||||
|  |                 'createsuperuser', | ||||||
|  |                 interactive=True, | ||||||
|  |                 first_name=first_name, | ||||||
|  |                 date_of_birth='1970-01-01', | ||||||
|  |                 email='joey@example.com', | ||||||
|  |                 stdin=MockTTY(), | ||||||
|  |                 stdout=new_io, | ||||||
|  |                 stderr=new_io, | ||||||
|  |             ) | ||||||
|  |             self.assertEqual( | ||||||
|  |                 new_io.getvalue().strip(), | ||||||
|  |                 'The password is too similar to the first name.\n' | ||||||
|  |                 'Superuser created successfully.' | ||||||
|  |             ) | ||||||
|  |  | ||||||
|  |         test(self) | ||||||
|  |  | ||||||
|     def test_blank_username(self): |     def test_blank_username(self): | ||||||
|         """Creation fails if --username is blank.""" |         """Creation fails if --username is blank.""" | ||||||
|         new_io = StringIO() |         new_io = StringIO() | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user