django 1.9 createsuperuser bypass the password validation checking

Question

Try to work on the new django 1.9 version, and create a super user by this:

python manage.py createsuperuser

And I just want to use a simple password for my local development environment, like only one character, django1.9 upgrade to a very strict password validation policy, how can I bypass it?

Password: 
Password (again): 

This password is too short. It must contain at least 8 characters.

This password is too common.

This password is entirely numeric.

What about not using a weak password, as a habit? Use something like [KeePass](http://keepass.info/) to generate and store and automatically type the password for you into the application? — Anti-weakpasswords, Feb 11 '16 at 05:15
how about give control to the users and let them decide what is the appropriate security stance? KeePass doesn't address the myriad cases where i'm not logging into a browser window. — Ben, Aug 26 '18 at 20:38

mimo · Answer 1 · 2017-01-14T02:37:07.593

13

After creating the superuser with a complex password, you can set it to something easier in the shell (./manage.py shell):

from django.contrib.auth.models import User
user = User.objects.get(username='your_user')
user.set_password('simple')
user.save()

edited Jan 14 '17 at 02:37

answered Feb 11 '16 at 03:16

mimo

2,469
2
28
49

also you can run './manage.py shell' or 'python manage.py shell' no -- is required – Qchmqs Jan 12 '17 at 15:14

score 11 · Accepted Answer · edited Jun 27 '19 at 19:03

11

You can change the AUTH_PASSWORD_VALIDATORS setting in in your dev environment. See the docs: https://docs.djangoproject.com/en/stable/topics/auth/passwords/#s-enabling-password-validation.

It is pretty straightforward: you will recognize the validators that caused your warning messages.

edited Jun 27 '19 at 19:03

phoenix

7,988
6
39
45

answered Feb 11 '16 at 08:13

user2390182

72,016
6
67
89

score 4 · Answer 3 · answered Jun 22 '18 at 12:21

In fact, you do not need to modify the validator settings or first create a complex password and then later change it. Instead you can create a simple password directly bypassing all password validators.

Open the django shell

python manage.py shell

Type:

from django.contrib.auth.models import User

Hit enter and then type (e.g. to use a password consisting only of the letter 'a'):

User.objects.create_superuser('someusername', 'something@example.com', 'a')

Hit enter again and you're done.

score 0 · Answer 4 · answered Jan 28 '21 at 03:41

mimo's answer is correct but don't works if you don't using default User model

According mimo's answer and this article, I changed script to this one

from django.contrib.auth import get_user_model
User = get_user_model()
user = User.objects.get(email='user@mail.com')
# or user = User.objects.get(username='your_user')
user.set_password('simple')
user.save()

django 1.9 createsuperuser bypass the password validation checking

4 Answers4