From 8ff2f04e4ce842ae70b0edfaef1d237dc69d6dec Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 18 Aug 2022 17:50:56 +0200
Subject: mod_auth_internal_hashed: Allow creating disabled account without
 password

Otherwise, create_user(username, nil) leads to the account being
deleted.
---
 plugins/mod_auth_internal_hashed.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 397d82e9..ddff31e9 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -115,8 +115,9 @@ function provider.users()
 end
 
 function provider.create_user(username, password)
+	local now = os.time();
 	if password == nil then
-		return accounts:set(username, {});
+		return accounts:set(username, { created = now; updated = now; disabled = true });
 	end
 	local salt = generate_uuid();
 	local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count);
@@ -125,7 +126,6 @@ function provider.create_user(username, password)
 	end
 	local stored_key_hex = to_hex(stored_key);
 	local server_key_hex = to_hex(server_key);
-	local now = os.time();
 	return accounts:set(username, {
 		stored_key = stored_key_hex, server_key = server_key_hex,
 		salt = salt, iteration_count = default_iteration_count,
-- 
cgit v1.2.3