added record.SetRandomPassword() helper and updated oauth2 autogenerated password handling

2025-11-24 07:04:51 +02:00 · 2024-12-26 13:24:03 +02:00
parent d8c0b11271
commit d34c8ec048
8 changed files with 126 additions and 37 deletions
--- a/core/record_model_auth.go
+++ b/core/record_model_auth.go
@@ -1,5 +1,7 @@
 package core

+import "github.com/pocketbase/pocketbase/tools/security"
+
 // Email returns the "email" record field value (usually available with Auth collections).
 func (m *Record) Email() string {
 	return m.GetString(FieldNameEmail)
@@ -51,6 +53,25 @@ func (m *Record) SetPassword(password string) {
 	m.Set(FieldNamePassword, password)
 }

+// SetRandomPassword sets the "password" auth record field to a random autogenerated value.
+//
+// The autogenerated password is ~30 characters and it is set directly as hash,
+// aka. the field plain password value validators (length, pattern, etc.) are ignored
+// (this is usually used as part of the auto created OTP or OAuth2 user flows).
+func (m *Record) SetRandomPassword() string {
+	pass := security.RandomString(30)
+
+	m.Set(FieldNamePassword, pass)
+	m.RefreshTokenKey() // manually refresh the token key because the plain password is resetted
+
+	// unset the plain value to skip the field validators
+	if raw, ok := m.GetRaw(FieldNamePassword).(*PasswordFieldValue); ok {
+		raw.Plain = ""
+	}
+
+	return pass
+}
+
 // ValidatePassword validates a plain password against the "password" record field.
 //
 // Returns false if the password is incorrect.
--- a/core/record_model_auth_test.go
+++ b/core/record_model_auth_test.go
@@ -1,9 +1,11 @@
 package core_test

 import (
+	"context"
 	"testing"

 	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tests"
 	"github.com/pocketbase/pocketbase/tools/security"
 )

@@ -117,3 +119,42 @@ func TestRecordPassword(t *testing.T) {
 		})
 	}
 }
+
+func TestRecordSetRandomPassword(t *testing.T) {
+	t.Parallel()
+
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	oldTokenKey := "old_tokenKey"
+	record := core.NewRecord(core.NewAuthCollection("test"))
+	record.SetTokenKey(oldTokenKey)
+
+	pass := record.SetRandomPassword()
+
+	if pass == "" {
+		t.Fatal("Expected non-empty generated random password")
+	}
+
+	if !record.ValidatePassword(pass) {
+		t.Fatal("Expected the generated random password to be valid")
+	}
+
+	if record.TokenKey() == oldTokenKey {
+		t.Fatal("Expected token key to change")
+	}
+
+	f, ok := record.Collection().Fields.GetByName(core.FieldNamePassword).(*core.PasswordField)
+	if !ok {
+		t.Fatal("Expected *core.PasswordField")
+	}
+
+	// ensure that the field validators will be ignored
+	f.Min = 1
+	f.Max = 2
+	f.Pattern = `\d+`
+
+	if err := f.ValidateValue(context.Background(), app, record); err != nil {
+		t.Fatalf("Expected password field plain value validators to be ignored, got %v", err)
+	}
+}