Don't set password when oauth2 creates a user
Setting a password can cause problems with other APIs that expect the password to be null. In addition, it doesn't match the implementation for the other APIs that create a user without a password (Create Magic URL Session, Create Phone Session, Create Anonymous Session, etc).
This commit is contained in:
parent
43d5c96f7d
commit
b9c2b9322f
1 changed files with 1 additions and 3 deletions
|
@ -564,7 +564,6 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
|
||||
try {
|
||||
$userId = ID::unique();
|
||||
$password = Auth::passwordHash(Auth::passwordGenerator(), Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||
$user->setAttributes([
|
||||
'$id' => $userId,
|
||||
'$permissions' => [
|
||||
|
@ -575,8 +574,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
'email' => $email,
|
||||
'emailVerification' => true,
|
||||
'status' => true, // Email should already be authenticated by OAuth2 provider
|
||||
'passwordHistory' => $passwordHistory > 0 ? [$password] : null,
|
||||
'password' => $password,
|
||||
'password' => null,
|
||||
'hash' => Auth::DEFAULT_ALGO,
|
||||
'hashOptions' => Auth::DEFAULT_ALGO_OPTIONS,
|
||||
'passwordUpdate' => null,
|
||||
|
|
Loading…
Reference in a new issue