Incorrent type annotation of the AbstractBaseUser.check_password() method.

[Flor1an-dev]

Bug report

What's wrong

The check_password() method of the AbstractBaseUser class has an incorrect or too narrow type annotation.

It currently defines the parameter raw_password as str. In my opinion, it should be Optional[str] as the method invoked within check_password() to check the password accepts None values.

The current type annotation can be found here: Django Stubs AbstractBaseUser.check_password() annotation

The method of Django can be found here: Django AbstractBaseUser.check_password() implementation

Within that method, the django.contrib.auth.hashers.check_password() method is invoked, passing on the raw_password. That method accepts passwords with None values. That django.contrib.auth.hashers.check_password() is already correctly annotated in Django Stubs as Optional[str]. Django Stubs django.contrib.auth.hashers.check_password() annotation

And here is the implementation in Django: Django django.contrib.auth.hashers.check_password() implementation

This is true for Django 3.2 and I've also checked the Django main branch, it is the same behavior there.

How is that should be

I think the annotation in django-stubs/contrib/auth/base_user.pyi should look like this:

class AbstractBaseUser(models.Model):
    ...

    # correct implementation
    def check_password(self, raw_password: Optional[str]) -> bool: ...

    # instead of existing wrong implementation
    def check_password(self, raw_password: str) -> bool: ...

System information

• python version: 3.10.4
• django version: 3.2 (but also true in main branch)
• mypy version: 0.950
• django-stubs version: 1.11.0
• django-stubs-ext version: 0.4.0