Having a blank string password is not recommended for cases
when the user should be explicitly marked as having no password.
This is exactly the recommended way that is used when the
authentication for the application takes place outside.
Right now the feature of creating users aren't very useful, since
it doesn't allow to set additional parameters on the user and
most of the developers have to create users in response callbacks.
With this simple fix, we return the power to the settings
CAS_AUTO_CREATE_USER, so users can set it and build their custom
middleware by inheritance.
Having a blank string password is not recommended for cases when the user should be explicitly marked as having no password. This is exactly the recommended way that is used when the authentication for the application takes place outside.
Right now the feature of creating users aren't very useful, since it doesn't allow to set additional parameters on the user and most of the developers have to create users in response callbacks. With this simple fix, we return the power to the settings CAS_AUTO_CREATE_USER, so users can set it and build their custom middleware by inheritance.