External Authentication Auto Register password not encrypted

Hi.

Just enabled OpenID plugin. NopCommerce v3.0.
No modifications created to OpenID external authentication plugin.


Works fine for us excluding that part if Auto Register enabled in the customer settings, its creating registered customer, but generated password saved as a clear text in database, even with setting Default Password Format = "Encrypted". Tested.

In addition to that, customer don't know his new password and have to re-login next time through third party provider again,
or just reset his password.

Is any chance to create feature that if the customer registered through the OpenID and AutoRegister is enabled, then customer have to set his new password himself (I believe Password Reset link should work perfectly in this case, but I've no idea how to include that link into Welcome e-mail for only that particular cases), because I think send his new password through e-mail is insecure.

Thanks.

Kind regards,
Vadim.

Hi Vadim,

Thanks. But it's not the bug. It's by design. In most cases sites do not send a generate password when somebody registers using some social network account (e.g. Facebook). You'll have to customize the solution in order to implement it. You can put the logic into "Authorize" method of \Libraries\Nop.Services\Authentication\External\ExternalAuthorizer.cs

Regarding password format. Open "Authorize" method of \Libraries\Nop.Services\Authentication\External\ExternalAuthorizer.cs and replace "PasswordFormat.Clear" with "PasswordFormat.Encrypted". It was done so a password value could be loaded later in case if a store owner will want to send a password to a customer (also after some customization)

Ok. Thanks a lot!