AuthSetPassword Function is able to create a new User #122

Open
marvinside opened this issue Apr 3, 2017 · 3 comments

@marvinside
Collaborator

marvinside commented Apr 3, 2017

File: auth.go Function: AuthSetPassword()

The function is able to create a new User if the passed userId does not exist. This seems to be very bad behavior for the Name AuthSetPassword.

@marvinside marvinside added the bug label Apr 3, 2017
@marvinside marvinside added this to the v1.0 milestone Apr 3, 2017
@marvinside marvinside self-assigned this Apr 3, 2017
marvinside added a commit that referenced this issue Apr 3, 2017
Blocks creation of new Users with the AuthSetPassword function by returning an error and printing out a Stacktrace. See #122

Also added some Documentation.
@marvinside
Collaborator Author

e234d35: This Function now throws an Error and Prints a Stacktrace if it would otherwise create a new user.

@marvinside
Collaborator Author

This seems to be in Use at 2 locations in the code:

marvinside added a commit that referenced this issue Apr 3, 2017
After a check from where AuthSetPassword is called, it should be safe to disable the unwanted behavior because it is never used.
marvinside added a commit that referenced this issue Apr 3, 2017
After a check from where AuthSetPassword is called, it should be safe to disable the unwanted behavior because it is never used.
This closes #122.
marvinside added a commit that referenced this issue Apr 3, 2017
Git(Hub) did not work as expected... :)
@psilva261
Contributor

It might look strange but the sign up code doesn't use transactions (yet). So if there is a failure in between INSERTs, you'd have a half setup user. That's why there was an "UPSERT" in the code, making the function repeatable after failure ("idempotent").

Reason why there are so few transactions in the code: they can be slow if you use a lot of them or if they are long. Also, they don't exactly improve readability...

bergold pushed a commit that referenced this issue Jan 24, 2018
The tests didn't pass with these changes.

See #122.
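
The two behaviours discussed in this thread, as an added example that is not taken from the project's auth.go: a write-or-create password setter next to one that refuses unknown IDs, with row creation kept in a repeatable sign-up step. `Store`, `EnsureUser`, `SetPasswordUpsert` and `SetPasswordStrict` are hypothetical names, and the map is an assumed stand-in for the users table.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNoSuchUser is returned when a password change targets an unknown user ID.
var ErrNoSuchUser = errors.New("auth: no such user")

// Store is a hypothetical, single-goroutine stand-in for the users table:
// user ID -> password hash. Hashing is assumed to happen in the caller.
type Store struct{ hashes map[int64]string }

func NewStore() *Store { return &Store{hashes: map[int64]string{}} }

// Count reports how many user rows exist.
func (s *Store) Count() int { return len(s.hashes) }

// EnsureUser is the sign-up path, the only place a row may be added. It is
// repeatable: a retry after a half-finished sign-up finds the row and keeps it.
// An empty hash means "no password yet" and must never pass a login check.
func (s *Store) EnsureUser(id int64) {
	if _, ok := s.hashes[id]; !ok {
		s.hashes[id] = ""
	}
}

// SetPasswordUpsert models the reported behaviour: write-or-create, so an
// unknown ID silently becomes a new account.
func (s *Store) SetPasswordUpsert(id int64, hash string) error {
	s.hashes[id] = hash
	return nil
}

// SetPasswordStrict models an UPDATE that checks it matched a row and
// refuses to create one.
func (s *Store) SetPasswordStrict(id int64, hash string) error {
	if _, ok := s.hashes[id]; !ok {
		return ErrNoSuchUser
	}
	s.hashes[id] = hash
	return nil
}

func main() {
	loose, strict := NewStore(), NewStore()
	_ = loose.SetPasswordUpsert(42, "constructed-hash") // constructed sample values
	err := strict.SetPasswordStrict(42, "constructed-hash")
	fmt.Println(loose.Count(), strict.Count(), err)
}
```

With a real database the strict variant corresponds to an UPDATE whose affected-row count is checked, which keeps account creation out of the password path while sign-up stays repeatable.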