Bad Request when creating a user without password

[kagmole]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Steps to reproduce

This error only occures if in your password policy (Settings > Security) you have the minimal password length set to 0.

1. Connect to the web Front-End of NextCloud
2. Go to: Users > New user
3. Try to create a user with a login, username and mail but no password

Expected behaviour

A mail is sent to the new user with an invitation to create its password.

Actual behaviour

A Bad Request occures. The error comes from UserManager which does not have a valid password for the account.
It is because the fallback below does not work: the generated password is an empty string and not null.

server/apps/provisioning_api/lib/Controller/UsersController.php

Lines 397 to 408 in e8ce7a3

	$passwordEvent = new GenerateSecurePasswordEvent();
	$this->eventDispatcher->dispatchTyped($passwordEvent);
	$password = $passwordEvent->getPassword();
	if ($password === null) {
	// Fallback: ensure to pass password_policy in any case
	$password = $this->secureRandom->generate(10)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_UPPER)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_LOWER)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_DIGITS)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_SYMBOLS);
	}

Adding || $password === '' would fix the issue.
The workaround right now is to configure a greater minimal password length than 0.

[solracsf]

Mind to open a pull request?

[kagmole]

Closing the issue since nextcloud/password_policy#356 fixes it.