Don't require password on update if user doesn't have one (#9941)

This commit is contained in:
Rory Powell 2023-03-08 12:00:02 +00:00 committed by GitHub
parent ee2a7a2e74
commit b92d9c60ca
2 changed files with 20 additions and 0 deletions

View File

@ -4,6 +4,7 @@ jest.mock("nodemailer")
import { TestConfiguration, mocks, structures } from "../../../../tests" import { TestConfiguration, mocks, structures } from "../../../../tests"
const sendMailMock = mocks.email.mock() const sendMailMock = mocks.email.mock()
import { events, tenancy, accounts as _accounts } from "@budibase/backend-core" import { events, tenancy, accounts as _accounts } from "@budibase/backend-core"
import * as userSdk from "../../../../sdk/users"
const accounts = jest.mocked(_accounts) const accounts = jest.mocked(_accounts)
@ -468,6 +469,20 @@ describe("/api/global/users", () => {
config.authHeaders(nonAdmin) config.authHeaders(nonAdmin)
) )
}) })
describe("sso users", () => {
function createSSOUser() {
return config.doInTenant(() => {
const user = structures.users.ssoUser()
return userSdk.save(user, { requirePassword: false })
})
}
it("should be able to update an sso user that has no password", async () => {
const user = await createSSOUser()
await config.api.users.saveUser(user)
})
})
}) })
describe("POST /api/global/users/bulk (delete)", () => { describe("POST /api/global/users/bulk (delete)", () => {

View File

@ -131,6 +131,11 @@ const buildUser = async (
): Promise<User> => { ): Promise<User> => {
let { password, _id } = user let { password, _id } = user
// don't require a password if the db user doesn't already have one
if (dbUser && !dbUser.password) {
opts.requirePassword = false
}
let hashedPassword let hashedPassword
if (password) { if (password) {
if (await isPreventPasswordActions(user)) { if (await isPreventPasswordActions(user)) {