Prevent users from resetting their password when the user is using SSO

1 files changed, 24 insertions, 0 deletions

diff --git a/api/user_test.go b/api/user_test.go
index 77309e5b2..b54e030c5 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -817,6 +817,16 @@ func TestSendPasswordReset(t *testing.T) {
 	if _, err := Client.SendPasswordReset(data); err == nil {
 		t.Fatal("Should have errored - bad name")
 	}
+
+	user2 := &model.User{TeamId: team.Id, Email: strings.ToLower(model.NewId()) + "corey@test.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"}
+	user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user2.Id))
+
+	data["email"] = user2.Email
+	data["name"] = team.Name
+	if _, err := Client.SendPasswordReset(data); err == nil {
+		t.Fatal("should have errored - SSO user can't send reset password link")
+	}
 }
 
 func TestResetPassword(t *testing.T) {
@@ -901,6 +911,20 @@ func TestResetPassword(t *testing.T) {
 	if _, err := Client.ResetPassword(data); err == nil {
 		t.Fatal("Should have errored - domain team doesn't match user team")
 	}
+
+	user2 := &model.User{TeamId: team.Id, Email: strings.ToLower(model.NewId()) + "corey@test.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"}
+	user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user2.Id))
+
+	data["new_password"] = "newpwd"
+	props["user_id"] = user2.Id
+	props["time"] = fmt.Sprintf("%v", model.GetMillis())
+	data["data"] = model.MapToJson(props)
+	data["hash"] = model.HashPassword(fmt.Sprintf("%v:%v", data["data"], utils.Cfg.EmailSettings.PasswordResetSalt))
+	data["name"] = team.Name
+	if _, err := Client.ResetPassword(data); err == nil {
+		t.Fatal("should have errored - SSO user can't reset password")
+	}
 }
 
 func TestUserUpdateNotify(t *testing.T) {