shield icon indicating copy to clipboard operation
shield copied to clipboard

Published 20 hours ago verified publisher icon codeigniter4

Bug: $hash in User::SetPasswordHash not nullable

Open ludis opened this issue 11 months ago • 1 comments

PHP Version

8.3.4

CodeIgniter4 Version

4.5.2

Shield Version

1.1.0

Which operating systems have you tested for this bug?

macOS

Which server did you use?

apache

Database

MySQL 5.7

Did you customize Shield?

No

What happened?

Create new user with password empty User requests a login link

Error: CRITICAL - 2024-12-06 12:38:16 --> TypeError: CodeIgniter\Shield\Entities\User::setPasswordHash(): Argument #1 ($hash) must be of type string, null given

Steps to Reproduce

See 'what happened'

Expected Output

CodeIgniter\Shield\Entities\User::setPasswordHash() should accept NULL values I think. Since private property $password_hash of class User is nullable. Parameter $hash should be nullable, like this:
public function setPasswordHash(?string $hash)

Anything else?

No response

ludis avatar Dec 06 '24 15:12 ludis

@ludis Why do you allow null values for passwords? Have you validated the input before storing it? And what is your plan to ensure the security of accounts with empty passwords?

datamweb avatar Feb 06 '25 18:02 datamweb

Closed due to lack of feedback.

datamweb avatar Jul 16 '25 18:07 datamweb