
Don't set password when oauth2 creates a user

Setting a password can cause problems with other APIs that expect the
password to be null. In addition, it doesn't match the implementation
for the other APIs that create a user without a password (Create Magic
URL Session, Create Phone Session, Create Anonymous Session, etc).
Steven Nguyen 2023-07-14 16:17:05 -07:00
parent 43d5c96f7d
commit b9c2b9322f
No known key found for this signature in database


@ -564,7 +564,6 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
try {
$userId = ID::unique();
$password = Auth::passwordHash(Auth::passwordGenerator(), Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
$user->setAttributes([
'$id' => $userId,
'$permissions' => [
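Review bot: The `$password = Auth::passwordHash(Auth::passwordGenerator(), ...)` assignment at the top of the `try` block is the only definition of `$password` visible in this handler, so removing it is only safe if every later use goes with it. The following hunk lists `'passwordHistory' => $passwordHistory > 0 ? [$password] : null` and `'password' => $password`; both must be gone from the final file, otherwise the attributes are built from an undefined variable. A one-line comment above `$user->setAttributes([` stating that OAuth2-created users intentionally have no password would help keep a generated password from being reintroduced later.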
@ -575,8 +574,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
'email' => $email,
'emailVerification' => true,
'status' => true, // Email should already be authenticated by OAuth2 provider
'passwordHistory' => $passwordHistory > 0 ? [$password] : null,
'password' => $password,
'password' => null,
'hash' => Auth::DEFAULT_ALGO,
'hashOptions' => Auth::DEFAULT_ALGO_OPTIONS,
'passwordUpdate' => null,
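Review bot: In the attribute array, `'password' => null` now sits next to `'hash' => Auth::DEFAULT_ALGO` and `'hashOptions' => Auth::DEFAULT_ALGO_OPTIONS`, so the record names a hash algorithm for a hash that does not exist. Please confirm this matches what the other passwordless creation paths named in the commit message store, and that the email/password login and password-update code treat a null `password` as "no password set" instead of handing it to the hash verifier. The hunk header (8 lines down to 7) indicates the `passwordHistory` key is dropped rather than set to null, so code that reads that attribute needs to cope with it being absent. A test that creates a user through this redirect route and asserts that an email/password session attempt for that user is rejected would pin the intended behaviour down.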