Open Thinkscape opened 1 week ago
I can confirm. The "required" attribute for "PasswordField" is left at the default "true". We might want to change this, if OAuth is enabled.
Hello @C-Otto , I looked up code for this also when we accept body for creating user there also we are validating for empty password.
If User switches to normal login flow at that time what should we do for the user created for OAuth?
If User switches to normal login flow at that time what should we do for the user created for OAuth?
Empty passwords would fail bcrypt hash validation, so those users would be unable to log in until admin created a password for them.
I was looking up to solve this issue. I tried to solve it in my local environment with following approach
For web :- The user creation form will allow empty password if OAuth is enabled in System Config
For Server :- When creating user there will be check for OAuth and if only it is enabled then we would allow request without any password and user will be created.
Is this right approach to solve this issue?
Thank you.
The bug
Unable to create accounts without providing a password, even though I have password logins disabled and I'm using OAuth2 (working)
The OS that Immich Server is running on
Debian
Version of Immich Server
v1.117.0
Version of Immich Mobile App
N/A
Platform with the issue
Your docker-compose.yml content
Your .env content
Reproduction steps
Steps
Administration
Settings
Auth settings
Oauth
-> enabled and workingPassword Login
-> disabledUsers
Create user
Email
, disableRequire user to change password on first login
Create
Expected
User gets created and can auth with OAuth2, assuming user has account with matching email with the OAuth2 provider.
Actual
Error
Please fill in this field
appears at the password field.Relevant log output
Additional information
No response