Cannot create passwordless user, even though passwords are disabled #13274
Comments
|
I can confirm. The "required" attribute for "PasswordField" is left at the default "true". We might want to change this, if OAuth is enabled. immich/web/src/lib/components/forms/create-user-form.svelte Lines 91 to 94 in a11d454 |
|
Hello @C-Otto , I looked up code for this also when we accept body for creating user there also we are validating for empty password. If User switches to normal login flow at that time what should we do for the user created for OAuth? |
Empty passwords would fail bcrypt hash validation, so those users would be unable to log in until admin created a password for them. |
|
I was looking up to solve this issue. I tried to solve it in my local environment with following approach For web :- The user creation form will allow empty password if OAuth is enabled in System Config For Server :- When creating user there will be check for OAuth and if only it is enabled then we would allow request without any password and user will be created. Is this right approach to solve this issue? Thank you. |
The bug
Unable to create accounts without providing a password, even though I have password logins disabled and I'm using OAuth2 (working)
The OS that Immich Server is running on
Debian
Version of Immich Server
v1.117.0
Version of Immich Mobile App
N/A
Platform with the issue
Your docker-compose.yml content
N/AYour .env content
Reproduction steps
Steps
AdministrationSettingsAuth settingsOauth-> enabled and workingPassword Login-> disabledUsersCreate userEmail, disableRequire user to change password on first loginCreateExpected
User gets created and can auth with OAuth2, assuming user has account with matching email with the OAuth2 provider.
Actual
Error
Please fill in this fieldappears at the password field.Relevant log output
Additional information
No response
The text was updated successfully, but these errors were encountered: