[5.1.x] Doc'd that unusable passwords are defined by metadata in the password field.

Backport of de2bb73904009313bae3664ef71edfd60df9912b from main.
2025-03-13 02:40:47 +00:00 · 2024-10-23 18:20:36 +01:00 · 2024-10-23 18:20:36 +01:00 · 8bfa520a01
commit 8bfa520a01
parent 630c9e1f9d
1 changed files with 5 additions and 3 deletions
--- a/docs/ref/contrib/auth.txt
+++ b/docs/ref/contrib/auth.txt
@ -54,7 +54,8 @@ Fields

        Required. A hash of, and metadata about, the password. (Django doesn't
        store the raw password.) Raw passwords can be arbitrarily long and can
-        contain any character. See the :doc:`password documentation
+        contain any character. The metadata in this field may mark the password
+        as unusable. See the :doc:`password documentation
        </topics/auth/passwords>`.

    .. attribute:: groups
@ -179,8 +180,9 @@ Methods

    .. method:: set_unusable_password()

-        Marks the user as having no password set.  This isn't the same as
-        having a blank string for a password.
+        Marks the user as having no password set by updating the metadata in
+        the :attr:`~django.contrib.auth.models.User.password` field. This isn't
+        the same as having a blank string for a password.
        :meth:`~django.contrib.auth.models.User.check_password()` for this user
        will never return ``True``. Doesn't save the
        :class:`~django.contrib.auth.models.User` object.