Bug: $hash in User::SetPasswordHash not nullable #1234
Labels
bug
Something isn't working
waiting for info
Issues or pull requests that need further clarification from the author
Comments
|
@ludis Why do you allow null values for passwords? Have you validated the input before storing it? And what is your plan to ensure the security of accounts with empty passwords? |
datamweb
added
the
waiting for info
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
PHP Version
8.3.4
CodeIgniter4 Version
4.5.2
Shield Version
1.1.0
Which operating systems have you tested for this bug?
macOS
Which server did you use?
apache
Database
MySQL 5.7
Did you customize Shield?
No
What happened?
Create new user with password empty
User requests a login link
Steps to Reproduce
See 'what happened'
Expected Output
CodeIgniter\Shield\Entities\User::setPasswordHash() should accept NULL values I think.
Since private property $password_hash of class User is nullable.
Parameter $hash should be nullable, like this:
public function setPasswordHash(?string $hash)
Anything else?
No response
The text was updated successfully, but these errors were encountered: