From 63be666a67574b3eba21d35b0fbc91b7c598301c Mon Sep 17 00:00:00 2001 From: Fabian Freyer Date: Sun, 24 Oct 2021 19:55:56 +0200 Subject: [PATCH] Allow password-less registration Introduce a configuration option that, when unset, causes registration to not require setting a password. Users registered without a password will not be able to login unless through SSO. --- config/config.default.php | 5 +++++ includes/pages/guest_login.php | 17 ++++++++++------- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/config/config.default.php b/config/config.default.php index 2ce3a12d..5563ff22 100644 --- a/config/config.default.php +++ b/config/config.default.php @@ -249,6 +249,11 @@ return [ // The minimum length for passwords 'min_password_length' => env('PASSWORD_MINIMUM_LENGTH', 8), + // Whether the Password field should be enabled. + // If this is disabled, it means that no password can be set and the user will + // not be able to log in unless linked to an oauth provider. + 'enable_password' => (bool)env('ENABLE_PASSWORD', true), + // Whether the DECT field should be enabled 'enable_dect' => (bool)env('ENABLE_DECT', true), diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 45570e7f..e422aeb3 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -32,6 +32,7 @@ function guest_register() $enable_dect = config('enable_dect'); $enable_planned_arrival = config('enable_planned_arrival'); $min_password_length = config('min_password_length'); + $enable_password = config('enable_password'); $enable_pronoun = config('enable_pronoun'); $config = config(); $request = request(); @@ -146,12 +147,12 @@ function guest_register() } } - if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) { + if ($enable_password && $request->has('password') && strlen($request->postData('password')) >= $min_password_length) { if ($request->postData('password') != $request->postData('password2')) { $valid = false; $msg .= error(__('Your passwords don\'t match.'), true); } - } else { + } else if ($enable_password) { $valid = false; $msg .= error(sprintf( __('Your password is too short (please use at least %s characters).'), @@ -272,7 +273,9 @@ function guest_register() // Assign user-group and set password DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user->id]); - auth()->setPassword($user, $request->postData('password')); + if ($enable_password) { + auth()->setPassword($user, $request->postData('password')); + } // Assign angel-types $user_angel_types_info = []; @@ -422,9 +425,9 @@ function guest_register() ]), div('row', [ - div('col', [ + $enable_password ? div('col', [ form_password('password', __('Password') . ' ' . entry_required()) - ]), + ]) : '', $enable_planned_arrival ? div('col', [ form_date( @@ -436,9 +439,9 @@ function guest_register() ]), div('row', [ - div('col', [ + $enable_password ? div('col', [ form_password('password2', __('Confirm password') . ' ' . entry_required()) - ]), + ]) : '', div('col', [ $enable_tshirt_size ? form_select('tshirt_size',