I noticed that create_user() is currently setting password to unusable
if it is None or empty. However, set_password() is accepting an empty
password. I decided to follow the first rule in the patch I submitted
but I am kind of confused now. Can someone indicate what we should
accept as a password?

On Oct 7, 3:25 pm, Łukasz Rekucki <[email protected]> wrote:
> Hi,
>
> I started working on a somewhat related ticket #14390. Adrian suggested
> to create a utils module, so I wanted to put there all useful
> password-related functions: check_password(), make_password(),
> is_password_usable() and the UNUSABLE_PASSWORD constant. So I'm
> interested in the API that these functions (and thus User's methods) should
> provide.
>
> On 7 October 2010 23:13, Laurent Luce <[email protected]> wrote:
> > Hello,
>
> > Regarding the issue about password is None in check_password
> > (http://code.djangoproject.com/ticket/14354). I attached a patch with the
> > following changes:
>
> > - in set_password(), check for raw_password and if None or empty, call
> > set_unusable_password(), otherwise same as before
>
> In theory, someone could allow empty passwords which will get hashed properly.
>
> > - in has_usable_password(), return True only if password is not None,
> > not empty, or '!'
>
> There are actually a lot of other unusable values - at the moment,
> anything that isn't an MD5 hash or a legitimate password string in
> algo$salt$hash format. Is it OK to only special-case these three
> values?
>
> > - because of the 2 changes above, we can simplify a bit create_user()
> > by just calling set_password() for all cases. No need to test password
> > inside this function anymore.
>
> > - basic.py tests are now unittests and not doctests
>
> Good work :)
>
> --
> Łukasz Rekucki
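
The two policies discussed in this thread, side by side, as an added sketch that is not Django's code or the submitted patch. Function names mirror those mentioned above; the allow_empty parameter, the pbkdf2_sha256 algorithm and the iteration count are assumptions, and the legacy MD5 format is not handled.

```python
import hashlib
import hmac
import os

UNUSABLE_PASSWORD = "!"   # marker value discussed in the thread
ALGO = "pbkdf2_sha256"    # assumption: any salted KDF would do for the sketch
ITERATIONS = 100_000      # assumption: fixed work factor


def make_password(raw_password, allow_empty=False):
    """Return 'algo$salt$hash', or UNUSABLE_PASSWORD when the input is rejected.

    allow_empty=False follows the patch (None or '' -> unusable);
    allow_empty=True follows the remark that '' hashes like any other string.
    """
    if raw_password is None or (raw_password == "" and not allow_empty):
        return UNUSABLE_PASSWORD
    salt = os.urandom(8).hex()
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw_password.encode(), salt.encode(), ITERATIONS)
    return f"{ALGO}${salt}${digest.hex()}"


def is_password_usable(encoded):
    """Strict check: usable only if the stored value parses as algo$salt$hash.

    None, '' and '!' are rejected as a consequence, with no special cases.
    """
    if not encoded:
        return False
    parts = encoded.split("$")
    return len(parts) == 3 and parts[0] == ALGO and all(parts[1:])


def check_password(raw_password, encoded):
    """Unusable or malformed stored values never match any input."""
    if raw_password is None or not is_password_usable(encoded):
        return False
    _, salt, expected = encoded.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw_password.encode(), salt.encode(), ITERATIONS)
    # Constant-time comparison of the hex digests.
    return hmac.compare_digest(digest.hex(), expected)
```

Whichever policy is chosen, the property to keep is that an empty or None stored value can never be matched by an empty login attempt.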
