Pull request overview
This pull request attempts to fix an issue with the existing user check during signup. The problem stems from using get_or_create() to create users, which doesn't call set_unusable_password(), causing has_usable_password() to incorrectly return True for newly created users and triggering a false 409 error.
Changes:
- Replaces the `user.has_usable_password()` check with a `user.password` check in the signup endpoint
| {"error": "Failed to create user session"}, status=500 | ||
| ) | ||
| if user.has_usable_password(): | ||
| if user.password: |
The check if user.password: is insufficient and potentially incorrect. This will treat users with unusable passwords (marked with special prefixes like "!") as if they have valid passwords, which could prevent legitimate signups.
The underlying issue is that user_model.objects.get_or_create() in create_user_session() doesn't call set_unusable_password(), leaving the password field as an empty string. A more robust solution would be to:
- Modify `create_user_session()` to explicitly set an unusable password when creating new users, OR
- Check both if the password exists AND if it's usable with a condition like:
if user.password and user.has_usable_password():
The current change could block users who have unusable password markers from completing signup.
| if user.password: | |
| if user.password and user.has_usable_password(): |
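Review bot: the suggested condition fixes the symptom at this one call site but leaves the root cause in create_user_session(): get_or_create() still stores an empty password string instead of an unusable-password marker, so any other code path that relies on has_usable_password() alone will hit the same false positive. Prefer the first option above, calling set_unusable_password() on newly created users in create_user_session(); with that in place the original `if user.has_usable_password():` check is sufficient and the extra `user.password and` clause is not needed.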
Note: current method uses `user_model.Object.get_or_create()` to create a user, which will not call `set_unusable_password`, so `has_usable_password` will return `true`, leading to 409 in normal setup workflow.
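The three candidate checks from this thread, run against the three password states they need to distinguish. This is an added illustration, not code from the PR; `FakeUser` and `is_password_usable` are stand-ins that mirror Django's rule (assumption: `None` or any string without the `"!"` prefix is reported as usable) so the snippet runs without Django installed.

```python
UNUSABLE_PASSWORD_PREFIX = "!"  # marker written by set_unusable_password()


def is_password_usable(password):
    # Mirrors django.contrib.auth.hashers.is_password_usable (assumption):
    # an empty string has no "!" prefix, so it is reported as *usable*.
    return password is None or not password.startswith(UNUSABLE_PASSWORD_PREFIX)


class FakeUser:
    """Minimal stand-in for the user model used in create_user_session()."""

    def __init__(self, password=""):
        self.password = password  # get_or_create() leaves this as ""

    def has_usable_password(self):
        return is_password_usable(self.password)

    def set_unusable_password(self):
        self.password = UNUSABLE_PASSWORD_PREFIX + "constructed-marker"


# Each check returns True when the signup endpoint should answer 409.
def check_original(user):          # before the PR
    return user.has_usable_password()


def check_pr(user):                # as changed in the PR
    return bool(user.password)


def check_suggested(user):         # reviewer's combined condition
    return bool(user.password) and user.has_usable_password()


def new_user_with_fix():
    # Reviewer's first option: create_user_session() marks new users unusable,
    # after which check_original alone gives the right answer.
    user = FakeUser("")
    user.set_unusable_password()
    return user


# Constructed sample users covering the three password states.
SAMPLE_USERS = {
    "fresh_get_or_create": FakeUser(""),
    "unusable_marker": FakeUser("!" + "x" * 40),
    "real_hash": FakeUser("pbkdf2_sha256$constructed$hash"),
}


def evaluate(check):
    return {name: check(user) for name, user in SAMPLE_USERS.items()}
```

`evaluate(check_original)` shows the false 409 on the fresh user, `evaluate(check_pr)` shows the false 409 on the unusable-marker user, and only the combined check (or the root-cause fix) gets all three right.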