I'm working on a new component for my Django OpenID package which will
provide support for associating one or more OpenIDs with a
django.contrib.auth User. As part of this, I want to include the
ability to register for a new user account using an OpenID instead of
a password.

At the moment, django.contrib.auth does not support creating a user
account without setting a password.

OpenID is not the only use case where password-less accounts might be
warranted. Any application where authentication takes place against an
external source - for example, authenticating against an existing LDAP
provider - would also benefit from being able to create Django user
accounts without setting a password.

I propose the following changes:

1. The 'password' field in the User model should be altered to have
blank=True.

This would allow us to set blank passwords as an empty string. It
would not require existing installations to make any schema changes as
the column would still be NOT NULL.

2. user.set_password(password) should be altered to accept 'None'

If None is passed to the function, a blank string will be stored
instead of an encrypted password.

3. user.has_password() should be added

A simple utility method which returns True if the user has a password,
False if they do not.

4. check_password should ALWAYS return False if no password is set

This should help protect us from introducing any security issues with
these changes.

Does this sound like a workable plan? If so, I'd like to get the
changes in as soon as possible so I can wrap up work on the next
version of the OpenID package.

Cheers,

Simon
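
The four proposed changes, sketched as an added example that is not part of the original message and is not Django's own code. `SketchUser` is a hypothetical stand-in for the `User` model, and the salted PBKDF2 encoding and iteration count are assumptions chosen for illustration. The guard in `check_password` is what keeps a blank stored password from ever matching a blank or missing login attempt.

```python
import hashlib
import hmac
import os


class SketchUser:
    """Hypothetical stand-in for django.contrib.auth's User (not Django code)."""
    ITERATIONS = 100_000  # assumption: illustrative work factor

    def __init__(self, username):
        self.username = username
        self.password = ""  # change 1: blank allowed, column stays NOT NULL

    @classmethod
    def _encode(cls, raw, salt):
        # Assumed storage format: algorithm$salt$hash, all ASCII
        digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt, cls.ITERATIONS)
        return "pbkdf2_sha256$%s$%s" % (salt.hex(), digest.hex())

    def set_password(self, raw):
        # change 2: None stores a blank string instead of a hashed password
        self.password = "" if raw is None else self._encode(raw, os.urandom(16))

    def has_password(self):
        # change 3: True only when something other than blank is stored
        return self.password != ""

    def check_password(self, raw):
        # change 4: with no stored password nothing can match,
        # not even None or the empty string
        if not self.has_password() or raw is None:
            return False
        _, salt_hex, _ = self.password.split("$")
        candidate = self._encode(raw, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, self.password)


def demo():
    openid_user = SketchUser("openid-only")  # account created without a password
    openid_user.set_password(None)
    local_user = SketchUser("local")
    local_user.set_password("correct horse")  # constructed sample value
    return {
        "openid_has_password": openid_user.has_password(),
        "openid_blank_login": openid_user.check_password(""),
        "openid_none_login": openid_user.check_password(None),
        "local_good": local_user.check_password("correct horse"),
        "local_bad": local_user.check_password("wrong"),
    }
```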

