Enable creating user accounts without passwords #1459
When users are using an IAuthenticator plugin to create and log in to accounts using an external authentication service rather than CKAN's traditional username and password system, we still need to create user objects for these accounts in CKAN's database and these objects need to have randomly generated passwords even though those passwords will never be used. So it'd be good to allow creating passwordless user accounts that just can't be logged-in to via the traditional method, unless a sysadmin adds a password to the account.
ckanext-persona is an IAuthenticator extension that lets users log in to CKAN using Mozilla Persona. When the user clicks the login button in CKAN they're redirected to Persona which asks them to give an email address and prove that they own it (by entering an email or Persona password, or responding to a verification email). Persona then passes on this verification to CKAN. CKAN will find the user account that has the verified email address and log the user into it, or if no user account with that email address exists CKAN will create one and log them into it.
When creating a new user account for a Persona user one thing we need to do is generate a password for the account, simply because CKAN user accounts must have passwords. The user doesn't need this password to log in - they do that via Persona. In fact, they won't be able to log in using the autogenerated password because the password will never be shown to them. The password is nothing but a security vulnerability.
So it'd be nice if we could create user accounts with no passwords in CKAN, and logging into those accounts via the traditional username and password method would simply not work (they could only be logged-in to via Persona, or if a sysadmin adds a password to the account).
Creating a passwordless account could be something that only internal CKAN and extension code can do, and not via the API. Or maybe only sysadmin users could be allowed to do it via the API.
We discussed this in a dev meeting and decided it would be good to enable user accounts without passwords in CKAN, that cannot be logged-in to the traditional way. I can't remember what we decided about exactly how it should be implemented - usable by internal code only? Or by the API, but sysadmin only? Or just doable by the API, if you pass an explicit option?
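
A minimal sketch of the behaviour proposed in this issue, added here as an example; it is not CKAN or ckanext-persona code. The `User` class, `user_create`, `sysadmin_set_password` and the `context` keys are hypothetical, and it assumes one of the options raised above: only internal code or a sysadmin may create a passwordless account.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this sketch


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class User:
    def __init__(self, name, email, password=None):
        self.name, self.email = name, email
        self.salt = self.pw_hash = None  # None means "no password set"
        if password is not None:
            self.set_password(password)

    def set_password(self, password):
        if not password:
            raise ValueError("refusing empty password")
        self.salt = os.urandom(16)
        self.pw_hash = _kdf(password, self.salt)

    def check_password(self, candidate: str) -> bool:
        if self.pw_hash is None:
            # No stored secret exists, so nothing can match. Do the KDF work
            # anyway so timing does not reveal which accounts are passwordless.
            _kdf(candidate, b"\x00" * 16)
            return False
        return hmac.compare_digest(self.pw_hash, _kdf(candidate, self.salt))


def user_create(context, data):
    """Assumed policy: only internal code or a sysadmin may omit the password."""
    password = data.get("password")
    trusted = context.get("internal") or context.get("is_sysadmin")
    if password is None and not trusted:
        raise PermissionError("password required")
    return User(data["name"], data["email"], password)


def sysadmin_set_password(context, user, password):
    """Only a sysadmin can later enable traditional login on the account."""
    if not context.get("is_sysadmin"):
        raise PermissionError("sysadmin only")
    user.set_password(password)
```

Storing no hash at all, rather than a random one, means there is no secret that could ever match, and an empty submitted password is rejected the same way as any other guess.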