Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MYST-228 Permit empty identity password when creating identity #90

Merged
merged 1 commit into from Jan 10, 2018

Conversation

Projects
None yet
3 participants
@donce
Copy link
Contributor

commented Jan 10, 2018

No description provided.

@@ -123,7 +123,7 @@ func validateRegistrationRequest(regReq identityRegistrationDto) (err error) {

func validateCreationRequest(createReq *identityCreationDto) (errors *validation.FieldErrorMap) {
errors = validation.NewErrorMap()
if len(createReq.Password) == 0 {
if createReq.Password == nil {

This comment has been minimized.

Copy link
@tadovas

tadovas Jan 10, 2018

Member

what if { "password" : "" } maybe it's better to check if len(createReq.Password) ==0 ? In this case we will handle both (not present) and (present but empty) cases.

This comment has been minimized.

Copy link
@donce

donce Jan 10, 2018

Author Contributor

It's a bit dangerous to allow making empty POST /identities, which returns you an account with empty password - api user might not realise that empty password was used!

Requiring to pass in {"password": ""} ensures that api user is aware that he is creating an account with empty password.

@Waldz

Waldz approved these changes Jan 10, 2018

@donce donce merged commit e6d7d40 into master Jan 10, 2018

@donce donce deleted the feature/MYST-228-permit-empty-identity-password branch Jan 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.