search

HackerNews-lsd2017 / hacker-news

Main repository hacker news
2 stars 1 forks source link

Register user with no password #8

Closed Emmely2008 closed 7 years ago

Emmely2008 commented 7 years ago

I can register user without any password and log in to the system.

To replicate:

  1. Go to the http://fe-hacker-news.s3-website-eu-west-1.amazonaws.com/.
  2. Go to login page
  3. In the Create Account form:
  4. Type in an email address.
  5. Leave password field empty.
  6. Submit the create account form.

The user is created and you can log in with email and but leaving password field empty.

Ldaxar commented 7 years ago

Hey @Emmely2008

I took a look in your issue and it seems that you are right.

This issue is going to be patched in new version of hackernews that will hopefully be delivered tomorrow.

Ldaxar commented 7 years ago

Hi again @Emmely2008

Thanks to your detailed description of issue I managed to apply necessary fix today. This issue is no longer present. (You still might be able to log in as user without password but certainly you can't create one - I will delete passwordless users soon).

Thank you for your valuable input which is very important factor in continuous improvement of our solution.