Option to disable password sync to local database

[mateenmoosa]

One of the features of this awesome plugin is that it allows a graceful fallback to local database of authentication in cases when Active Directory is unavailable. In order to accomplish that, the encrypted password is stored in the local database. This is the case even when this feature is turned off.

It would be preferable not to store passwords in the local database at all, so I propose that a flag be added in the configuration which would not sync the password field to the local database.

I believe the change would be in the file, "src/Traits/ImportsUsers.php" to skip the line 55.

// Sync the users password.
$model = $this->syncModelPassword($model, $password);

[stevebauman]

Hi @mateenmoosa, I definitely agree that this should be configurable. Though there are some considerations we should think about.

For example, by default laravel's users table migration includes a non-nullable password field. In this case, should the password be filled with a bcrypt()'ed random string?

This is actually the case with the WindowsAuthenticate middleware at the moment.

https://github.com/Adldap2/Adldap2-Laravel/blob/master/src/Middleware/WindowsAuthenticate.php#L69

[stevebauman]

Added implementation. Working on docs and tests, then will be released. Thanks!

[mateenmoosa]

Thanks for the quick fix!

I like the idea of a random string being placed there. I was initially
thinking of dropping that column in a migration, but your solution is
better.

Cheers.
On Wed, May 11, 2016 at 3:33 PM Steve Bauman [email protected]
wrote:

Added implementation. Working on docs and tests, then will be released.
Thanks!

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#99 (comment)

Mateen