[Django] #33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS

Django

Jun 1, 2022, 10:41:37 AM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-----------------------------------------+------------------------
Reporter: Jacatove | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 4.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
The usage of
{{{
User.objects.make_random_password()
}}}
is limited since the generated passwords are not valid because they were
created without meeting the validators' criteria.

--
Ticket URL: <https://code.djangoproject.com/ticket/33758>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
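
The mismatch reported above, as an added example that is not Django's code and not part of the ticket: a random draw is checked against a list of validator objects and redrawn until it passes. `ValidationError`, `MinimumLength`, `RequireDigit`, `failures`, `make_valid_password` and `POLICY` are hypothetical stand-ins that follow Django's `validate(password, user=None)` validator protocol; the alphabet and the 10-character length are assumed to match the method's defaults.

```python
import secrets

# Alphabet assumed to match make_random_password()'s default (no look-alike chars).
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class ValidationError(Exception):
    """Stand-in for django.core.exceptions.ValidationError."""


class MinimumLength:
    """Stand-in length validator using the same validate() protocol as Django's."""
    def __init__(self, min_length):
        self.min_length = min_length

    def validate(self, password, user=None):
        if len(password) < self.min_length:
            raise ValidationError(f"shorter than {self.min_length} characters")


class RequireDigit:
    """Hypothetical site-specific rule: at least one digit."""
    def validate(self, password, user=None):
        if not any(c.isdigit() for c in password):
            raise ValidationError("no digit")


def failures(password, validators):
    """Return the message of every validator the password fails."""
    errors = []
    for v in validators:
        try:
            v.validate(password)
        except ValidationError as exc:
            errors.append(str(exc))
    return errors


def make_valid_password(validators, length=16, max_attempts=100):
    """Draw CSPRNG passwords until one passes every validator."""
    for _ in range(max_attempts):
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not failures(candidate, validators):
            return candidate
    raise ValueError(f"no length-{length} password satisfies the validators")


# Constructed policy, playing the role of AUTH_PASSWORD_VALIDATORS.
POLICY = [MinimumLength(12), RequireDigit()]
```

With this constructed policy a 10-character draw can never pass, which is the situation the report describes; in a Django project the check would be `django.contrib.auth.password_validation.validate_password` rather than the stand-ins.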

Django

Jun 1, 2022, 6:14:29 PM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-------------------------------+--------------------------------------
Reporter: Javier Torres | Owner: Sosshi
Type: Uncategorized | Status: assigned
Component: Uncategorized | Version: 4.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Sosshi):

* owner: nobody => Sosshi
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/33758#comment:1>

Django

Jun 2, 2022, 2:57:24 AM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-------------------------------+--------------------------------------
Reporter: Javier Torres | Owner: Sosshi
Type: Uncategorized | Status: assigned
Component: Uncategorized | Version: 4.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------

Comment (by Carlton Gibson):

Hi. Erm... I'm not sure what to say here.

> The usage of ... is limited ...

Yes, it is. `make_random_password()` is essentially not used at all in
the Django codebase.

An 11-year-old comment from Russell says why:

> The only reason I can think of to generate a random password would be to
> send it in cleartext. To which, the answer is a definitive No. Not ever.

https://code.djangoproject.com/ticket/15639#comment:2

I think we should probably deprecate and remove this method, rather than
try and make it more complex 🤔

--
Ticket URL: <https://code.djangoproject.com/ticket/33758#comment:2>

Django

Jun 2, 2022, 5:05:59 AM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-------------------------------------+-------------------------------------
Reporter: Javier Torres | Owner: Sosshi
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: 4.0
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* status: assigned => closed
* resolution: => wontfix
* component: Uncategorized => contrib.auth
* type: Uncategorized => Cleanup/optimization


Comment:

> I think we should probably deprecate and remove this method, rather than
> try and make it more complex 🤔

Totally agreed, it's unused since
fcd837cd0f9b2c706bc49af509628778d442bb3f. See #33764.

--
Ticket URL: <https://code.djangoproject.com/ticket/33758#comment:3>

Django

Jun 2, 2022, 5:07:45 AM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-------------------------------+--------------------------------------
Reporter: Javier Torres | Owner: Sosshi
Type: Uncategorized | Status: closed
Component: Uncategorized | Version: 4.0
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by David Wobrock):

* type: Cleanup/optimization => Uncategorized
* component: contrib.auth => Uncategorized


Comment:

One could imagine use cases for this function. For example a website that
automatically creates accounts and sends out the plain passwords (through
email, or something more secure) for a first log in - but then forces
password change on first use.

But I agree with Carlton (and Russell) that Django shouldn't "encourage"
this, since the implementation then requires some special attention.
+1 for deprecating this function

--
Ticket URL: <https://code.djangoproject.com/ticket/33758#comment:4>

Django

Jun 2, 2022, 5:08:25 AM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-------------------------------------+-------------------------------------
Reporter: Javier Torres | Owner: Sosshi
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: 4.0
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by David Wobrock):

* type: Uncategorized => Cleanup/optimization
* component: Uncategorized => contrib.auth


Comment:

Oopsie

--
Ticket URL: <https://code.djangoproject.com/ticket/33758#comment:5>

Django

Jun 2, 2022, 6:09:49 AM
to django-...@googlegroups.com
#33758: make_random_password does not comply with AUTH_PASSWORD_VALIDATORS
-------------------------------------+-------------------------------------
Reporter: Javier Torres | Owner: Sosshi
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version: 4.0
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Carlton Gibson):

Ah, thanks Mariusz.

--
Ticket URL: <https://code.djangoproject.com/ticket/33758#comment:9>
