cartalyst / sentinel

A framework agnostic authentication & authorization system.
BSD 3-Clause "New" or "Revised" License
1.52k stars 240 forks source link

Register without providing password #516

Closed minedun6 closed 4 years ago

minedun6 commented 5 years ago

Is there any way to register a new user by omitting password field ?

So far, I'm getting

InvalidArgumentException. You have not passed a [password].

so any way I can bypass the password field and register the user without password ?

brunogaspar commented 5 years ago

No, not without extending Sentinel, more specifically, the User Repository.

It's easier to just generate a random password for these Users, that way in the future, if you change the login flow, you don't end up with Users without passwords, they would just need to reset the password and potentially receive an email.

brunogaspar commented 4 years ago

Closing due to lack of activity. Feel free to reopen if you still have issues or other questions.

adam-jones-net commented 3 years ago

It would be far more secure for the admin have nothing to do with PW creation and let the user handle this via email invitation (assuming strict password requirements are sent when they are then made to define their own password).