IdentityPython / djangosaml2

Django SAML2 Service Provider based on pySAML2

Set unusable password for new created users

pandafy opened this issue · comments

I see the changelog mentions setting unusable password on the user object, but I can't find it in the code.

https://github.com/IdentityPython/djangosaml2/blob/169fc486fc387a0ed57ae01ee67140a424a83a46/CHANGES#L386C1-L388C70

Perhaps this change was lost while deprecating the configure_user method?

If the user is not present on the system (when the user is first created), then this code will be triggered:

    if create_unknown_user:
        user = UserModel(**{user_lookup_key: user_lookup_value})
        created = True
        logger.debug(f"New user created: {user}", exc_info=True)
    else:
        logger.exception(
            f"The user does not exist, model: {UserModel._meta}, lookup: {user_query_args}"
        )

And this does not set an unusable password.

@peppelinux I opened #399 after updating an existing test case to verify that the created user has a usable_password.

Please check the logs of the CI build: https://github.com/IdentityPython/djangosaml2/actions/runs/7913492573/job/21601260980?pr=399#step:5:740