So I’ve definitely made some changes to Discourse’s registration flow to better fit my needs, but a new bug introduced itself recently and I wanted to double check whether it was actually a bug.
My belief was that the design pattern for registration using oAuth credentials would not require a password. That’s sort of the point right, that you don’t have passwords for things all over the internet, but just use your authentication from a common provider?
However I’m getting a password validation failure on creating an account via google apps oauth - that the password is too short.
It looks like 155 of
users_controller.rb is the culprit:
user.password_required! unless auth
commenting that out seemed to fix the problem, but I think changing it to something like
user.password_required! unless valid_session_authentication?(auth, params[:email])
might be the better course of action?