Usercreateform Bypassing Usermanager, Regular Users Created Through Usercreateform Can Authenticate But Superuser Created In Shell Can Not?
Solution 1:
Problem solved.
In
defcreate_superuser(self, email, first_name, last_name, password):
user = self.create_user(
email,
first_name,
last_name,
password
)
I was forgetting to set password=password,
. From looking at the password field in the database, it seems this was also resulting in (as close as I can tell) bypassing <algorithm>$<iterations>$<salt>
(per the Django docs https://docs.djangoproject.com/en/1.10/topics/auth/passwords/) though the password was still being hashed in some way (not being stored in plain text) the password field for superusers was considerably shorter than the password field for normal users. Whatever it was doing, it was not storing the actual password and was giving me an invalid username/password when attempting to log in with a superuser account.
So the proper way is
defcreate_superuser(self, email, first_name, last_name, password):
user = self.create_user(
email,
first_name,
last_name,
password=password,
)
I still don't understand why created_username
is being bypassed in the UserManager
when saving a user from the AuthenticationForm
but I found a workaround by adding the same while statement to the view. At least all is functional now. I'm still interested to learn if anybody has further insight into this matter.
Post a Comment for "Usercreateform Bypassing Usermanager, Regular Users Created Through Usercreateform Can Authenticate But Superuser Created In Shell Can Not?"