coherence
Resetting Password to blank possible
I found a minor inconvenience when resetting passwords via email and disabling browser form validation. There seems to be a missing validation check and just submitting the form without filling out password and password_confirm results in a lockout of the account requiring another password reset.
Another, more general question: If I were to change an underlying default controller action of Coherence, how would you set something like that up? I am pretty new to Elixir and I guess there is a way to replace an already defined defmodule action.
Many thanks
After disabling browser form validation, the blank password reset will be shown as succeeded, but Ecto won't update the password in the database (@Sathras, can you please confirm that with your case?).
The problem is that Ecto won't recognise any changes, and the changeset will be valid with
changes: %{}
For more info: https://hexdocs.pm/ecto/Ecto.Changeset.html#module-empty-values
To prevent this issue, you can change the cast function in your user_schema.
In CoherenceDemo, for example,
change the line in CoherenceDemo.Coherence.User
from:
|> cast(params, [:name, :email] ++ coherence_fields())
to:
|> cast(params, [:name, :email] ++ coherence_fields(), [empty_values: []])
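The changeset behaviour discussed in this thread, as an added example that is not part of the original posts and is not Coherence's code. `ResetDemo.User`, its fields, the 8-character minimum and `require_password_change/1` are hypothetical, and the script assumes Ecto 3.x fetched through `Mix.install`.

```elixir
# Added illustration; run as a script, e.g. `elixir reset_demo.exs`.
Mix.install([{:ecto, "~> 3.0"}])

defmodule ResetDemo.User do
  # Hypothetical stand-in for a user schema; only the fields needed here.
  use Ecto.Schema
  import Ecto.Changeset

  embedded_schema do
    field :password_hash, :string
    field :password, :string, virtual: true
  end

  # Default cast/3: "" counts as an empty value, is cast to nil, and is
  # dropped as "no change", so validate_length/3 never runs on it.
  def default_changeset(user, params) do
    user
    |> cast(params, [:password])
    |> validate_length(:password, min: 8)
  end

  # cast/4 with empty_values: [] keeps "" as a change, so validators see it.
  def strict_changeset(user, params) do
    user
    |> cast(params, [:password], empty_values: [])
    |> validate_length(:password, min: 8)
  end

  # Independent guard for a reset action: refuse a changeset that carries
  # no password change at all, whatever the cast options were.
  def require_password_change(changeset) do
    case fetch_change(changeset, :password) do
      {:ok, _value} -> changeset
      :error -> add_error(changeset, :password, "can't be blank")
    end
  end
end

alias ResetDemo.User

user = %User{password_hash: "constructed-hash"}  # constructed sample record
blank = %{"password" => ""}                      # constructed blank form post

default = User.default_changeset(user, blank)
strict = User.strict_changeset(user, blank)
guarded = User.require_password_change(default)

IO.inspect({default.valid?, default.changes}, label: "default cast")
IO.inspect({strict.valid?, strict.errors}, label: "empty_values: []")
IO.inspect({guarded.valid?, guarded.errors}, label: "default cast + guard")
```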