Merge pull request #12999 from edx/e0d/random-passwords

use random rather than unusable so they can be reset

Merge pull request #12999 from edx/e0d/random-passwords
use random rather than unusable so they can be reset
95800be0 · Edward Zarecor · GitHub · 9d747fa6 · 8a18b2c3 · 95800be0
Commit 95800be0 authored Jul 20, 2016 by Edward Zarecor Committed by GitHub Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

common/djangoapps/student/management/commands/manage_user.py
+5 -2

No files found.
--- a/common/djangoapps/student/management/commands/manage_user.py
+++ b/common/djangoapps/student/management/commands/manage_user.py
@@ -4,7 +4,7 @@ Django users, set/unset permission bits, and associate groups by name.
 """

 from django.contrib.auth import get_user_model
-from django.contrib.auth.models import Group
+from django.contrib.auth.models import Group, BaseUserManager
 from django.core.management.base import BaseCommand, CommandError
 from django.db import transaction
 from django.utils.translation import gettext as _
@@ -81,7 +81,10 @@ class Command(BaseCommand):
        )

        if created:
-            user.set_unusable_password()
+            # Set the password to a random, unknown, but usable password
+            # allowing self-service password resetting.  Cases where unusable
+            # passwords are required, should be explicit, and will be handled below.
+            user.set_password(BaseUserManager().make_random_password(25))
            self.stderr.write(_('Created new user: "{}"').format(user))
        else:
            # NOTE, we will not update the email address of an existing user.