Closed ozten closed 12 years ago
In some cases, django-browserid will create a new user. It should call set_unusable_password before saving the new user.
It should not do this for existing users, since some apps might support multiple authentication backends.
It does. From https://docs.djangoproject.com/en/dev/topics/auth/:
If no password is provided, set_unusable_password() will be called.
By golly, he's right! :)
In some cases, django-browserid will create a new user. It should call set_unusable_password before saving the new user.
It should not do this for existing users, since some apps might support multiple authentication backends.