From f7dabd39c2c86337323d58d2fd62513a37ef6f2e Mon Sep 17 00:00:00 2001
From: Matt Baer
Date: Thu, 16 Jan 2020 14:25:33 -0500
Subject: [PATCH] Skip password requirement on OAuth signup

This makes it possible to complete OAuth signup without creating a password on the WriteFreely instance. A user can then add a password to their account through their Account Settings page without any admin action (all of this logic is already in place).

Ref T715 T712
---
 oauth_signup.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/oauth_signup.go b/oauth_signup.go
index d1fa9b5..10d2306 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -91,14 +91,20 @@ func (h oauthHandler) viewOauthSignup(app *App, w http.ResponseWriter, r *http.R
 return h.showOauthSignupPage(app, w, r, tp, err)
 }

- hashedPass, err := auth.HashPass([]byte(r.FormValue(oauthParamPassword)))
- if err != nil {
- return h.showOauthSignupPage(app, w, r, tp, fmt.Errorf("unable to hash password"))
+ var err error
+ hashedPass := []byte{}
+ clearPass := r.FormValue(oauthParamPassword)
+ hasPass := clearPass != ""
+ if hasPass {
+ hashedPass, err = auth.HashPass([]byte(clearPass))
+ if err != nil {
+ return h.showOauthSignupPage(app, w, r, tp, fmt.Errorf("unable to hash password"))
+ }
 }
 newUser := &User{
 Username: r.FormValue(oauthParamUsername),
 HashedPass: hashedPass,
- HasPass: true,
+ HasPass: hasPass,
 Email: prepareUserEmail(r.FormValue(oauthParamEmail), h.EmailKey),
 Created: time.Now().Truncate(time.Second).UTC(),
 }
@@ -135,10 +141,6 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 if len(collTitle) == 0 {
 collTitle = username
 }
- password := r.FormValue("password")
- if len(password) == 0 {
- return impart.HTTPError{Status: http.StatusBadRequest, Message: "Password is too short."}
- }
 email := r.FormValue(oauthParamEmail)
 if len(email) > 0 {
 parts := strings.Split(email, "@")
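Review bot: When the password field is empty, the new code in `viewOauthSignup` stores `HashedPass: []byte{}` with `HasPass: false`, so the account is only safe if every password-based login path refuses a user without a password instead of comparing against the empty hash. That path is not visible in this diff and should be confirmed, ideally with a test that a password login against such an account fails. A comment above `hashedPass := []byte{}` would record the intent, for example `// No password given: keep an empty hash and HasPass=false; password login must reject this account.` A non-empty password is still hashed with no length check here: the only check, removed in the `validateOauthSignup` hunk, rejected just the empty string, so unless `auth.HashPass` enforces a minimum (not shown), any length policy would have to be added in this branch. `viewOauthSignup` starts and ends outside the hunk.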