If one hasn't filled out the password field in the login form, CRAM will still make a hash of it, effectively disabling Drupal's form validator's checking of it being entered.

How to duplicate:
1) Install and enable CRAM
2) Log out
3) Try to login without filling out the password field
4) Watch Drupal not complain about missing data! (If you didn't fill out username either, it will complain about that though.)
5) Write a patch to fix this :) (Or I might get around to it, doesn't seem like a very advanced bug...)

Comments

selmanj’s picture

Thanks for the bug report! I modified the js to include a 'if passField.value != '') around the check. Look at the latest -dev to see it.

selmanj’s picture

Status: Active » Fixed
Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.