Monday, June 27, 2016

AUTH_PASSWORD_VALIDATORS not used when creating new users?

Hi all,

I set the AUTH_PASSWORD_VALIDATORS variable to the standard set here: https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#enabling-password-validation. When I use the `createsuperuser` function in manage.py, my password must conform to the validators. But when I use User.objects.create_user() or the user.set_password() methods, the AUTH_PASSWORD_VALIDATORS is not used. I can literally set my password to 'a' and its accepted.

Is this a bug? It seems like the validators should be used when creating a new user or setting the password.
Is is there an alternative method to validate the password prior to creation?

I am using Django 1.9.7

Thanks!
---
Farhan Khan
PGP Fingerprint: 4A78 F071 5CB6 E771 B8D6 3910 F371 FE22 3B20 B21B

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/5d7e0472-5d1b-42a4-a640-b93b09023de3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment