Allow Password Creation for Accounts Created with Google/GitHub Auth

Open SimonLab opened this issue 6 years ago • 4 comments

If a person logs in to the application using Google first, no password is saved in the database. If the same person then tries to register/log in with email/password, the application finds the existing user by email and tries to compare the password hash; however, the current one in the database is nil, which breaks the password check:

image

We cannot update the password when the user logs in, as it will allow anyone to set the password for this user. My idea is to send a reset email to the user, where she will be able to set up the new password via a specific link.

SimonLab, Dec 12 '19 14:12

@SimonLab Good catch.

I think this needs a little more thought in terms of what a user might expect. I need to do some research here to define the criteria :+1:

iteles, Dec 12 '19 22:12

Transferring this issue to Auth as it's relevant to anyone using our Auth System/Service.

nelsonic, May 12 '20 19:05

If someone successfully authenticates with their Google Account, their email address will be associated with their person record. If they then attempt to log in using an email address, we will know that they don't have a Password defined because person.password_hash is nil. So we will render the "Password Create" form and allow them to define one: https://github.com/dwyl/auth/blob/a3dff03c6a2cbdcd9c86e8b170ba9add41565f4f/lib/auth_web/controllers/auth_controller.ex#L227-L229

nelsonic, May 12 '20 19:05
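The nil `password_hash` case and the emailed-link idea from the opening post, as an added sketch that is not code from dwyl/auth and is written in Python (not the project's Elixir) so it runs stand-alone. `Accounts`, `TOKEN_TTL`, the `outbox` list and the PBKDF2 hasher are hypothetical stand-ins for the real person store, link lifetime, mailer and password hasher.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime for the emailed link


def hash_password(password, salt=None):
    # PBKDF2 is a stdlib stand-in for whatever password hasher the app uses.
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def verify_password(password, stored):
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)


class Accounts:
    def __init__(self):
        self.people = {}  # email -> password hash, or None for OAuth-only
        self.tokens = {}  # sha256(token) -> (email, expiry)
        self.outbox = []  # (email, token): stands in for the mailer

    def login(self, email, password):
        if email not in self.people:
            return "invalid"
        stored = self.people[email]
        if stored is None:
            # No hash to compare against, and the submitted password must not
            # become the account's password: only the mailbox owner may set it.
            self._send_setup_link(email)
            return "setup_link_sent"
        return "ok" if verify_password(password, stored) else "invalid"

    def _send_setup_link(self, email):
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()  # store only a digest
        self.tokens[key] = (email, time.time() + TOKEN_TTL)
        self.outbox.append((email, token))

    def set_password(self, token, new_password, now=None):
        key = hashlib.sha256(token.encode()).hexdigest()
        email, expiry = self.tokens.pop(key, (None, 0))  # single use
        now = time.time() if now is None else now
        if email is None or now > expiry:
            return False
        self.people[email] = hash_password(new_password)
        return True
```

The statuses returned by `login` are internal; what the HTTP layer shows for each of them is a separate decision.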

@SimonLab totally agree that allowing people to log in with their Google mail is a useful thing to have. Right now I (personally) am only using Google/GitHub Auth. I've added priority-3 to this issue to reflect that we want to resolve it, but we have other things that are higher ... 💭

nelsonic, Oct 12 '21 09:10