User manager methods create() and create_user()
I have encountered with some suspicious behavior of create() method of User object manager. Looks like password field isn\'t required
-
Look at django's source User model, there's a custom manager, snippet:
class UserManager(models.Manager): # ... def create_user(self, username, email=None, password=None): """ Creates and saves a User with the given username, email and password. """ now = timezone.now() if not username: raise ValueError('The given username must be set') email = UserManager.normalize_email(email) user = self.model(username=username, email=email, is_staff=False, is_active=True, is_superuser=False, last_login=now, date_joined=now) user.set_password(password) user.save(using=self._db) return user讨论(0) -
That's exactly why the user model has a custom manager with a UserManager.create_user() method for creating users. There are two problems with using the
QuerySet.create()method onUserinstances:If you run the management command
python manage.py sql, pay attention to theauth_userschema:CREATE TABLE "auth_user" ( ... "password" varchar(128) NOT NULL, ... )In SQL, an empty string,
'', does not equate toNULL, i.e.ISNULL('') != TRUE.QuerySet.create()andQuerySet.update()do not trigger model validation. Model validation only happens whenModelForminstances call theModel.full_clean()instance method.Raising a validation error in the context of working with the
QuerySetAPI directly simply makes no sense in Django. That's why you can do something likeUser.objects.create(username='foo', password='')even thoughCharField().validate(value='', None)would raise aValidationErrorfor a blank string.
For the reasons above, you should defer from using
User.objects.create()and rely on the suppliedUser.objects.create_user()method from the model's custom manager.讨论(0)
加载中...
- 热议问题