Opened 21 months ago
Last modified 4 months ago
#34429 closed New feature
Allow to set unusable password via admin UI — at Version 7
Reported by: | Tobias Bengfort | Owned by: | Fabian Braun |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Carlton Gibson, Sarah Boyce | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | yes |
Description (last modified by )
Django allows to have user accounts with unusable passwords, either because authentication uses a different mechanism (e.g. LDAP) or because the User object is still needed (e.g. because it is referenced by a ForeignKey) but the user should no longer be allowed to log in.
However, this functionality is not available from the admin UI. When creating a user or changing the password I am forced to enter a password.
I propose to make the password fields optional in the Admin UI and set an unusable password if they are blank.
I am sorry if this has been discussed before. I looked before posting this but could not find anything.
Change History (7)
comment:1 by , 21 months ago
Triage Stage: | Unreviewed → Accepted |
---|---|
Version: | 4.1 → dev |
comment:2 by , 21 months ago
Cc: | added |
---|
comment:3 by , 21 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:5 by , 19 months ago
Owner: | changed from | to
---|
comment:6 by , 19 months ago
Have a working solution. Will add tests and create a PR.
The checkbox field is called "Allow login" to clearly indicate that users w/o password will not be able to log in. Please let me know if "Usable password" is deemed a better label.
The password fields are only visible and validated if the checkbox is set.
comment:7 by , 19 months ago
Description: | modified (diff) |
---|---|
Has patch: | set |
Patch here: https://github.com/django/django/pull/16942
Thanks for the ticket. I agree that it would nice to add an option to create users with an unusable password in the admin, however, any implicit logic can be confusing here (see comment). Therefore, I'm not in favor of your proposal to:
Maybe a checkbox in the "Add user" form e.g. "Usable password" (checked by default) that would hide password fields when unchecked 🤔, or sth similar.
Tentatively accepted.