Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bad request when creating users without a password #30649

Closed
wants to merge 1 commit into from
Closed

Fix bad request when creating users without a password #30649

wants to merge 1 commit into from

Conversation

kagmole
Copy link

@kagmole kagmole commented Jan 13, 2022
edited by solracsf
Loading

As requested in #30241, here is a pull-request containing the suggested
changes.

Commit summary:

When the minimal password length is set to 0, the generated password by
GenerateSecurePasswordEvent is '', which would bypass the fallback
password generation. UserManager would then throw an error since the
password is an empty string.

@kagmole
Fix bad request when creating users without a password
dcd440d 
When the minimal password length is set to 0, the generated password by
`GenerateSecurePasswordEvent` is '', which would bypass the fallback
password generation. `UserManager` would then throw an error since the
password is an empty string.

Signed-off-by: Dany Jupille <dany.jupille@gmail.com>
@szaimen szaimen added the 3. to review Waiting for reviews label Jan 13, 2022
@szaimen szaimen added this to the Nextcloud 24 milestone Jan 13, 2022
@szaimen szaimen requested review from a team, nickvergessen, icewind1991 and CarlSchwan and removed request for a team January 13, 2022 14:44
@szaimen szaimen linked an issue Jan 13, 2022 that may be closed by this pull request
Bad Request when creating a user without password #30241
Closed
@nickvergessen
Copy link
Member

Could also fix the password policy app to generate a non-empty password when being asked

@CarlSchwan
Copy link
Member

Could also fix the password policy app to generate a non-empty password when being asked

I also think this is the best solution. Either not allow empty password policies or make an empty password policy still generate a password with a few characters

@skjnldsv skjnldsv mentioned this pull request Mar 24, 2022
Merged
@blizzz blizzz mentioned this pull request Mar 31, 2022
Merged
This was referenced Apr 7, 2022
Merged
Merged
@blizzz blizzz modified the milestones: Nextcloud 24, Nextcloud 25 Apr 21, 2022
@PVince81
Copy link
Member

fixed in the password policy app: nextcloud/password_policy#356

@PVince81 PVince81 closed this Jun 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@CarlSchwan CarlSchwan Awaiting requested review from CarlSchwan

Assignees
No one assigned
Labels
3. to review Waiting for reviews
Projects
None yet
Milestone
Nextcloud 25
Development

Successfully merging this pull request may close these issues.

Bad Request when creating a user without password
6 participants
@kagmole @nickvergessen @CarlSchwan @PVince81 @blizzz @szaimen