Skip password requirement on OAuth signup

This makes it possible to complete OAuth signup without creating a password on the WriteFreely instance. A user can then add a password to their account through their Account Settings page without any admin action (all of this logic is already in place). Ref T715 T712
5 years ago · f7dabd39c2
parent b5a38efd28
commit f7dabd39c2
1 changed files with 10 additions and 8 deletions
--- a/oauth_signup.go
+++ b/oauth_signup.go
@ -91,14 +91,20 @@ func (h oauthHandler) viewOauthSignup(app *App, w http.ResponseWriter, r *http.R
 		return h.showOauthSignupPage(app, w, r, tp, err)
 	}

-	hashedPass, err := auth.HashPass([]byte(r.FormValue(oauthParamPassword)))
+	var err error
+	hashedPass := []byte{}
+	clearPass := r.FormValue(oauthParamPassword)
+	hasPass := clearPass != ""
+	if hasPass {
+		hashedPass, err = auth.HashPass([]byte(clearPass))
 		if err != nil {
 			return h.showOauthSignupPage(app, w, r, tp, fmt.Errorf("unable to hash password"))
 		}
+	}
 	newUser := &User{
 		Username:   r.FormValue(oauthParamUsername),
 		HashedPass: hashedPass,
-		HasPass:    true,
+		HasPass:    hasPass,
 		Email:      prepareUserEmail(r.FormValue(oauthParamEmail), h.EmailKey),
 		Created:    time.Now().Truncate(time.Second).UTC(),
 	}
@ -135,10 +141,6 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 	if len(collTitle) == 0 {
 		collTitle = username
 	}
-	password := r.FormValue("password")
-	if len(password) == 0 {
-		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Password is too short."}
-	}
 	email := r.FormValue(oauthParamEmail)
 	if len(email) > 0 {
 		parts := strings.Split(email, "@")