Don't require password on update if user doesn't have one (#9941)

packages/worker/src/api/routes/global/tests/users.spec.ts

@@ -4,6 +4,7 @@ jest.mock("nodemailer")
 import { TestConfiguration, mocks, structures } from "../../../../tests"
 const sendMailMock = mocks.email.mock()
 import { events, tenancy, accounts as _accounts } from "@budibase/backend-core"
+import * as userSdk from "../../../../sdk/users"
 
 const accounts = jest.mocked(_accounts)
 
@@ -468,6 +469,20 @@ describe("/api/global/users", () => {
         config.authHeaders(nonAdmin)
       )
     })
+
+    describe("sso users", () => {
+      function createSSOUser() {
+        return config.doInTenant(() => {
+          const user = structures.users.ssoUser()
+          return userSdk.save(user, { requirePassword: false })
+        })
+      }
+
+      it("should be able to update an sso user that has no password", async () => {
+        const user = await createSSOUser()
+        await config.api.users.saveUser(user)
+      })
+    })
   })
 
   describe("POST /api/global/users/bulk (delete)", () => {

packages/worker/src/sdk/users/users.ts

@@ -131,6 +131,11 @@ const buildUser = async (
 ): Promise<User> => {
   let { password, _id } = user
 
+  // don't require a password if the db user doesn't already have one
+  if (dbUser && !dbUser.password) {
+    opts.requirePassword = false
+  }
+
   let hashedPassword
   if (password) {
     if (await isPreventPasswordActions(user)) {