How does django knows what the password is in create_user() function

Question

I am following django's doc on creating a custom user model and I am confused in defining the create_user() and create_superuser(). When defining create_user() the password arg passed is None

def create_user(self, email, date_of_birth, password=None):
    # create user here
    ...

While creating create_superuser() the password is provided by the caller.

def create_user(self, email, date_of_birth, password=None):
    # create user here
    ...

How does django knows what the password in create_user() function? I am sorry if this is a noob question but I really need to understand. Could you please help me understand the concept here. Thank you.

Answer 1

The password=None in create_user method definition means that None is default value for password, but it could still be provided by caller.

When you don't provide password for new user or you pass None for password Django will create user with unusable password, that means, user won't be able to log in with username and password.

It's useful in scenarios where you want enforce other means of authentication like OAuth or OpenID etc.

Relevant parts of code with comments:

• Implementation of create_user

• set_password

• Check the UNUSABLE_PASSWORD_PREFIX in method make_password

Why for create_superuser password is required? Actually it's not. You can always pass None as password, but imho it's because you want special rights and privileges for superuser and you are not creating superusers as often as regular users.