role cannot be changed if the user has not yet set a password

plan-net / core4

Develop, Operate and Collaborate on Data and Analytics

Mozilla Public License 2.0

9 stars 14 forks source link

role cannot be changed if the user has not yet set a password #198

Open basteiz opened 4 years ago

basteiz commented 4 years ago

its impossible to set new permissions for a role with email(User), i get a 400 Bad Request, if the user hasn't set his password yet.

checked in mono the user doesn't have a "password" key in his dataset.

m-rau commented 4 years ago

issue still exists. Possible root cause is the the FE sends a password field which is empty. The role manager handles that. The approach to set a secure random password fails because it only applies if the password field is not present. An empty password field does not create a secure random password.

solution required

test if password field is missing or if password field is empty. In this case set a secure random password.

m-rau commented 3 years ago

fix with #224