Don't require password on update if user doesn't have one (#9941)

2023-03-08 12:00:02 +00:00 · 2023-03-08 12:00:02 +00:00 · b92d9c60ca
parent ee2a7a2e74
commit b92d9c60ca
2 changed files with 20 additions and 0 deletions
--- a/packages/worker/src/api/routes/global/tests/users.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/users.spec.ts
@ -4,6 +4,7 @@ jest.mock("nodemailer")
 import { TestConfiguration, mocks, structures } from "../../../../tests"
 const sendMailMock = mocks.email.mock()
 import { events, tenancy, accounts as _accounts } from "@budibase/backend-core"
+import * as userSdk from "../../../../sdk/users"

 const accounts = jest.mocked(_accounts)

@ -468,6 +469,20 @@ describe("/api/global/users", () => {
        config.authHeaders(nonAdmin)
      )
    })
+
+    describe("sso users", () => {
+      function createSSOUser() {
+        return config.doInTenant(() => {
+          const user = structures.users.ssoUser()
+          return userSdk.save(user, { requirePassword: false })
+        })
+      }
+
+      it("should be able to update an sso user that has no password", async () => {
+        const user = await createSSOUser()
+        await config.api.users.saveUser(user)
+      })
+    })
  })

  describe("POST /api/global/users/bulk (delete)", () => {
--- a/packages/worker/src/sdk/users/users.ts
+++ b/packages/worker/src/sdk/users/users.ts
@ -131,6 +131,11 @@ const buildUser = async (
 ): Promise<User> => {
  let { password, _id } = user

+  // don't require a password if the db user doesn't already have one
+  if (dbUser && !dbUser.password) {
+    opts.requirePassword = false
+  }
+
  let hashedPassword
  if (password) {
    if (await isPreventPasswordActions(user)) {