[Django] #33178: `creratesuperuser` does not validate `REQUIRED_FIELDS` fields value in interactive mode when passed by command-line
Django
interactive mode when passed by command-line
--------------------------------------------+------------------------
Reporter: Christophe Henry | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 3.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
--------------------------------------------+------------------------
`createsuperuser` command will alway perform a field validation using
`field.clean` when creating a new user. In non-interactive mode, it is
done
[https://github.com/django/django/blob/main/django/contrib/auth/management/commands/createsuperuser.py#L187
here]. In interactive mode, it is performed in
[https://github.com/django/django/blob/main/django/contrib/auth/management/commands/createsuperuser.py#L217
`get_input_data`] when the value is requested from input. But if the
valued was passed using `--` command, the field is never validated.
The consequence is it ends up passing a non-validated string to
[https://github.com/django/django/blob/28f66b2783e52d5be51887c31cd2be907b820e11/django/contrib/auth/models.py#L154
`UserManager.create_superuser`] instead of a integer corresponding to an
actual PK in DB.
--
Ticket URL: <https://code.djangoproject.com/ticket/33178>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: assigned
Component: contrib.auth | Version: 3.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* status: new => assigned
* owner: nobody => Christophe Henry
* has_patch: 0 => 1
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted
Comment:
[https://github.com/django/django/pull/14960 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:1>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 1 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_better_patch: 0 => 1
* needs_tests: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:2>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
Comment (by GitHub <noreply@…>):
In [changeset:"da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0" da266b3]:
{{{
#!CommitTicketReference repository=""
revision="da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0"
Refs #29628, Refs #33178 -- Made createsuperuser validate password against
required fields passed in options.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:3>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"224fa0bc7de05f3f269e7fd41b66154b82a2e87f" 224fa0bc]:
{{{
#!CommitTicketReference repository=""
revision="224fa0bc7de05f3f269e7fd41b66154b82a2e87f"
[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password
against required fields passed in options.
Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:4>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:5>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"57273e15699e2f87eda4d7cc1e3014c7d7c8f89a" 57273e15]:
{{{
#!CommitTicketReference repository=""
revision="57273e15699e2f87eda4d7cc1e3014c7d7c8f89a"
Refs #33178 -- Added createsuperuser tests for validation of foreign keys.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:6>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Component: contrib.auth | Version: 3.1
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a" b1b26b3]:
{{{
#!CommitTicketReference repository=""
revision="b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a"
Fixed #33178 -- Made createsuperuser validate required fields passed in
options in interactive mode.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:7>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Type: Bug | Status: closed
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"048fbf9c8919f3838f427f7b0fccf10428530de7" 048fbf9c]:
{{{
#!CommitTicketReference repository=""
revision="048fbf9c8919f3838f427f7b0fccf10428530de7"
[4.0.x] Fixed #33178 -- Made createsuperuser validate required fields
passed in options in interactive mode.
Backport of b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a from main.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:8>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Component: contrib.auth | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Christophe Henry):
* status: closed => new
* has_patch: 1 => 0
* version: 3.1 => 3.2
* resolution: fixed =>
Comment:
The fixes for this bug were never backported to Django 3.
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:9>
Django
mode when passed by command-line.
-------------------------------------+-------------------------------------
Reporter: Christophe Henry | Owner:
| Christophe Henry
Component: contrib.auth | Version: 3.2
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* status: new => closed
* has_patch: 0 => 1
* resolution: => fixed
Comment:
Please don't reopen closed tickets. This issue is not a regression in
Django 3.2, per our backporting policy this means it doesn't qualify for a
backport to 3.2.x anymore. See
[https://docs.djangoproject.com/en/stable/internals/release-process/
Django’s release process] for more details.
--
Ticket URL: <https://code.djangoproject.com/ticket/33178#comment:10>