From c3fe8f6cf27f45d3fbcdc625ba547e3736edd07a Mon Sep 17 00:00:00 2001
From: tobiasKaminsky <tobias@kaminsky.me>
Date: Thu, 24 Nov 2016 19:30:36 +0100
Subject: [PATCH] use random password if "password link" is enabled

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 lib/private/User/Manager.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 39845fba88..b1f328b6f1 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -281,9 +281,11 @@ class Manager extends PublicEmitter implements IUserManager {
 		if (strlen(trim($uid, "\t\n\r\0\x0B\xe2\x80\x8b")) !== strlen(trim($uid))) {
 			throw new \Exception($l->t('Username contains whitespace at the beginning or at the end'));
 		}
-		// empty password only allowed if password link is sent
+		// if password link is sent use random password; permit empty password
 		if (trim($password) == '' && $this->config->getAppValue('core', 'umgmt_send_passwordlink', 'false') === 'false') {
 			throw new \Exception($l->t('A valid password must be provided'));
+		} else {
+			$password = \OC::$server->getSecureRandom()->generate(32);
 		}
 
 		// Check if user already exists