(security) Remove default password model field #39

Open
apexDev37 opened this issue Aug 7, 2024 · 0 comments
Overview

The models.Voter model defines a password field that generates a default password. This is a significant security concern with how the model handles the password field. In addition, the following are a few noted side effects caused by implementing a default password:

  • Exposed password in migration files
    The generated password is saved in the model's migration files and checked into VCS. Despite being hashed, the repo being open-source means anyone can dig into the hash and algorithm being used under the hood.
  • Trigger of new migration files from the auto-generated field
    New migration files are created each time makemigrations is run. The default value auto-generates a new password on each run leading to a new migration file with an updated and exposed password.

Intended Outcome

  • Remove the default arg on the password field and implement a new mechanism to securely generate a password. This can be done by migrating the password generation logic out of the schema into the model's creation lifecycle. Django signals, specifically the post_save signal may be appropriate in this context.
  • Note: Using datetime.datetime.now as part of the password generation process is considered an insecure practice.

Note

  • The above outcome is only a proposed solution.
  • Feel free to ask for help from one of the project contributors or me to discuss a solution or pair/ensemble on your idea🌍.
  • Remember to read the CONTRIBUTING docs after reading this.
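The before/after pattern described under Intended Outcome, as an added example that is not the project's code: Django's `make_password`, `check_password` and the `Voter` model are replaced by small pure-Python stand-ins (an assumption, so the example runs without Django), and `set_initial_password` uses the `post_save` receiver signature `(sender, instance, created, **kwargs)`.

```python
import hashlib
import hmac
import secrets
from datetime import datetime


def make_password(raw: str, salt: str = "") -> str:
    """Stand-in for django.contrib.auth.hashers.make_password (PBKDF2-SHA256)."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), 100_000)
    return f"pbkdf2_sha256$100000${salt}${digest.hex()}"


def check_password(raw: str, encoded: str) -> bool:
    """Stand-in for django.contrib.auth.hashers.check_password."""
    _algo, _iters, salt, _digest = encoded.split("$")
    return hmac.compare_digest(make_password(raw, salt), encoded)


# --- Before: the pattern the issue describes --------------------------------
# The default is computed once, when the module (and so the schema) is loaded:
# every row receives the same hash, and makemigrations serializes this literal
# into a migration file, producing a fresh migration on every run. A timestamp
# is also a tiny, guessable search space, which is why datetime.now is unsafe.
INSECURE_DEFAULT = make_password(datetime.now().strftime("%Y%m%d%H%M%S"))


class VoterBefore:
    def __init__(self):
        self.password = INSECURE_DEFAULT  # models.CharField(default=INSECURE_DEFAULT)


# --- After: no default; generate per row in the creation lifecycle ----------
class Voter:
    """Stand-in for models.Voter; the password column has no default."""
    def __init__(self):
        self.password = ""
        self.saved_fields = []  # records save(update_fields=...) calls for the test

    def save(self, update_fields=None):
        self.saved_fields.append(update_fields)


def set_initial_password(sender, instance, created, **kwargs):
    """post_save receiver: fires only when the row is created and still has no password."""
    if not created or instance.password:
        return None
    raw = secrets.token_urlsafe(16)             # 128 bits from the OS CSPRNG, per voter
    instance.password = make_password(raw)
    instance.save(update_fields=["password"])   # narrow save; do not re-run full model logic
    return raw                                  # hand to the delivery channel, never log or store it
```

In a real Django app the receiver would be connected with `@receiver(post_save, sender=Voter)`; the plaintext must leave the process only through whatever channel delivers it to the voter.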