Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MYST-228 Permit empty identity password when creating identity #90

merged 1 commit into from Jan 10, 2018


None yet
3 participants
Copy link

commented Jan 10, 2018

No description provided.

@@ -123,7 +123,7 @@ func validateRegistrationRequest(regReq identityRegistrationDto) (err error) {

func validateCreationRequest(createReq *identityCreationDto) (errors *validation.FieldErrorMap) {
errors = validation.NewErrorMap()
if len(createReq.Password) == 0 {
if createReq.Password == nil {

This comment has been minimized.

Copy link

tadovas Jan 10, 2018


what if { "password" : "" } maybe it's better to check if len(createReq.Password) ==0 ? In this case we will handle both (not present) and (present but empty) cases.

This comment has been minimized.

Copy link

donce Jan 10, 2018

Author Contributor

It's a bit dangerous to allow making empty POST /identities, which returns you an account with empty password - api user might not realise that empty password was used!

Requiring to pass in {"password": ""} ensures that api user is aware that he is creating an account with empty password.


Waldz approved these changes Jan 10, 2018

@donce donce merged commit e6d7d40 into master Jan 10, 2018

@donce donce deleted the feature/MYST-228-permit-empty-identity-password branch Jan 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.