[#9064] - Fix self-registration when autoregistering password
- Closed
- 21 May 2017
- Medium
- Build: staging
- # 9064
- Diff
- wilsonge:user-reg
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
User tests: Successful: Unsuccessful:
If you try and create an account through the user profiles you will find that whatever password you set in the $response variable in your authentication plugin, then the password is autogenerated. This is for two reasons:
-
The variable user (which is just a typehinted array instance of
JAuthenticationResponse) doesn't contain apassword_clearproperty ever), -
In
JUserif you are going to set a password will use thepasswordpropertypassword_clearis just there to access a property for things like emails when resetting a password. So we set thepassword_clearandpasswordproperty (just like in methodUsesrModelReset::processResetComplete()).
This patch therefore means that if you choose not to enter a password property into the $response object of your authentication plugin then it will just be auto-generated still. If you choose to set it then it will use that password rather than the Joomla generated password.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Status | Pending | ⇒ | Information Required |
No it's basically if you have a authentication plugin that runs to a service outside of Joomla which authenticates successfully - the API should allow said authentication plugin to specify the password (optionally) and it will automatically create a Joomla user with that password. But actually what happens is that whatever password the plugin sets is overridden with a random password.
I will try and create a dummy authentication plugin over the next two days (priority this evening is to get the Joomla Update to trigger the utf8mb4 upgrade) to demonstrate this behaviour - as I came across it at work with a plugin I'm not able to share :(
No wonder I couldn't replicate
On 1 Mar 2016 10:03 am, "George Wilson" notifications@github.com wrote:
No it's basically if you have a authentication plugin that runs to a
service outside of Joomla which authenticates successfully - the API should
allow said authentication plugin to specify the password (optionally) and
it will automatically create a Joomla user with that password. But actually
what happens is that whatever password the plugin sets is overridden with a
random password.I will try and create a dummy authentication plugin over the next two days
(priority this evening is to get the Joomla Update to trigger the utf8mb4
upgrade) to demonstrate this behaviour - as I came across it at work with a
plugin I'm not able to share :(—
Reply to this email directly or view it on GitHub
#9064 (comment).
It's a pretty edge case - but as the code is there to support it - it may as well work :P
| Category | ⇒ | Authentication |
| Status | Information Required | ⇒ | Pending |
| Labels |
Added:
?
|
||
| Category | Authentication | ⇒ | Plugins Front End Authentication |
| Labels |
Removed:
?
|
||
@wilsonge Are you going to provide the plugin for testing?
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9064.
@franz-wohlkoenig we have some conflicts with this PR
@wilsonge please fix the conflicting file :)
Closing PR as abandoned since there have been no updates in over a year.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-05-21 22:19:45 |
| Closed_By | ⇒ | mbabker |
@wilsonge If I read this correctly you are saying that if you create a new user in the admin then it doesnt matter what you enter in the password field as Joomla will replace that with an auto-generated password. I cant replicate that - maybe I am misunderstanding something in the how to replicate
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9064.