
  • Added on Apr 8, 2020
  • Current version: 1.0.1
  • Compatibility
    October CMS v3.x not tested
    October CMS v2.x not tested
    October CMS v1.x use latest


This plugin is an extension to RainLab User that lets you mark user passwords as "unset". Users with an unset password won't be able to log in until they set a new password (through the reset password form or the "Change password" page, for instance).

What’s that for?

This plugin is useful for websites offering third-party authentication methods. For instance, when a user registers on your website with Google, you may want to create a new account, but without a password. The user then won't be able to use the login/password form, and will only be able to log in with Google until they decide to set a password.

Also, these users won't be asked for their current password when editing their account details.

This plugin is required for the upcoming « Login With Social » plugin.


This plugin requires the RainLab User plugin. For this plugin to be useful, you should also have other authentication methods available on your website (i.e. social providers).

Set up

This plugin adds the attribute tlokuus_disablepassword_is_disabled to the RainLab User model. You can read this attribute to check whether a user has no password.

Whenever you're registering a new user via a third-party auth method, you should set this attribute to true.

// Register a user coming from a third-party auth method, with the password marked as unset
$new_user = Auth::register([
    'email' => 'john@example.com',
    'tlokuus_disablepassword_is_disabled' => true
]);

The tlokuus_disablepassword_is_disabled property can also be set manually in the backend. Beware: when it is enabled on an existing user, the old user password is erased.

When a new password is set, the tlokuus_disablepassword_is_disabled property is automatically turned off.
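The following is an added example, not code from the plugin or from the original page. It sketches how a third-party login callback could apply the rules above: set the flag only when a new account is created, and never on an existing user, whose password would otherwise be erased. The function name resolveSocialUser, the $profile array and its keys email and email_verified are assumptions for illustration.

```php
<?php
use RainLab\User\Facades\Auth;
use RainLab\User\Models\User;

/**
 * Hypothetical helper: returns the local account matching a third-party profile.
 * $profile is an assumed array built by your own OAuth callback, for example
 * ['email' => 'john@example.com', 'email_verified' => true] (constructed sample).
 */
function resolveSocialUser(array $profile): User
{
    // Assumption: only accept addresses the provider reports as verified,
    // because the e-mail is what ties the profile to a local account.
    if (empty($profile['email']) || empty($profile['email_verified'])) {
        throw new InvalidArgumentException('Provider did not supply a verified e-mail address.');
    }

    $existing = User::where('email', $profile['email'])->first();
    if ($existing) {
        // Leave tlokuus_disablepassword_is_disabled untouched here: enabling
        // it on an existing user erases the password they already have.
        return $existing;
    }

    // New account created through the provider: mark the password as unset,
    // so the login/password form stays closed until the user sets one.
    return Auth::register([
        'email' => $profile['email'],
        'tlokuus_disablepassword_is_disabled' => true,
    ]);
}
```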

Customize error message

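When a user with a disabled password attempts to log in using a login/password combo, the auth.user_without_password_login_attempt event is fired and an error message is displayed. You can customize the error message to guide the user on how they should log in. Keep in mind that a provider-specific message confirms to whoever submitted the form that an account exists for that address and how it was created.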

Event::listen('auth.user_without_password_login_attempt', function($user, &$message){
    $hasLinkedGoogle = false; // placeholder: replace with your own check that the user has linked a Google account
    if($hasLinkedGoogle){
        $message = 'A matching user has been found, but the account has been created with Google. Please use your Google account to login.';
    } else {
        $message = 'No password has been set for this user. Please use the Forgot password feature.';
    }
});

Account editing page

This section is useful only if you have set the requirePassword property to true on the Account component of your account editing page.

This plugin overrides the Account component from the RainLab User plugin to allow users with no password to edit their account details, even if the requirePassword property has been enabled.

If you edited the default template of the Account component from the RainLab User plugin, make sure you still check the updateRequiresPassword attribute.

This attribute will be automatically set to false for users without a password, so that they are able to edit their account details (including setting a password).


First version.

Apr 07, 2020