Installer generated password validation allows empty password - Githubissues

riverrun / phauxth_installer

No longer maintained - Installer for the Phauxth authentication library

13 stars 4 forks source link

Installer generated password validation allows empty password #6

Closed zerosym closed 6 years ago

zerosym commented 6 years ago

Specifically -- this line does not include the password field in the required validator list. https://github.com/riverrun/phauxth_installer/blob/a37ae3fb73bee6178dd66a5d193bd8dc6360a204/phauxth_new/templates/user.ex#L27

The validate password method skips over its check since the password field is not present in the changeset when empty. https://github.com/riverrun/phauxth_installer/blob/a37ae3fb73bee6178dd66a5d193bd8dc6360a204/phauxth_new/templates/user.ex#L44

riverrun commented 6 years ago

Well spotted :)

Now fixed in the latest update.