added record.SetRandomPassword() helper and updated oauth2 autogenerated password handling

core/record_model_auth.go

@@ -1,5 +1,7 @@
 package core
 
+import "github.com/pocketbase/pocketbase/tools/security"
+
 // Email returns the "email" record field value (usually available with Auth collections).
 func (m *Record) Email() string {
 	return m.GetString(FieldNameEmail)
@@ -51,6 +53,25 @@ func (m *Record) SetPassword(password string) {
 	m.Set(FieldNamePassword, password)
 }
 
+// SetRandomPassword sets the "password" auth record field to a random autogenerated value.
+//
+// The autogenerated password is ~30 characters and it is set directly as hash,
+// aka. the field plain password value validators (length, pattern, etc.) are ignored
+// (this is usually used as part of the auto created OTP or OAuth2 user flows).
+func (m *Record) SetRandomPassword() string {
+	pass := security.RandomString(30)
+
+	m.Set(FieldNamePassword, pass)
+	m.RefreshTokenKey() // manually refresh the token key because the plain password is resetted
+
+	// unset the plain value to skip the field validators
+	if raw, ok := m.GetRaw(FieldNamePassword).(*PasswordFieldValue); ok {
+		raw.Plain = ""
+	}
+
+	return pass
+}
+
 // ValidatePassword validates a plain password against the "password" record field.
 //
 // Returns false if the password is incorrect.