diff options
author | JoramWilander <jwawilander@gmail.com> | 2015-10-22 10:53:39 -0400 |
---|---|---|
committer | JoramWilander <jwawilander@gmail.com> | 2015-10-22 10:53:39 -0400 |
commit | 4734912c521be4367b1d8ca255cc76c0095839b4 (patch) | |
tree | 641c4fe0667ddad97cd7ec0a09b4ba3b6441200e /store/sql_user_store.go | |
parent | 2d922fde7e33125b55fd70f713c867db89ebfcf5 (diff) | |
download | chat-4734912c521be4367b1d8ca255cc76c0095839b4.tar.gz chat-4734912c521be4367b1d8ca255cc76c0095839b4.tar.bz2 chat-4734912c521be4367b1d8ca255cc76c0095839b4.zip |
Prevent users from resetting their password when the user is using SSO
Diffstat (limited to 'store/sql_user_store.go')
-rw-r--r-- | store/sql_user_store.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/store/sql_user_store.go b/store/sql_user_store.go index a2b317afa..5fab38ace 100644 --- a/store/sql_user_store.go +++ b/store/sql_user_store.go @@ -125,6 +125,7 @@ func (us SqlUserStore) Update(user *model.User, allowActiveUpdate bool) StoreCha oldUser := oldUserResult.(*model.User) user.CreateAt = oldUser.CreateAt user.AuthData = oldUser.AuthData + user.AuthService = oldUser.AuthService user.Password = oldUser.Password user.LastPasswordUpdate = oldUser.LastPasswordUpdate user.LastPictureUpdate = oldUser.LastPictureUpdate @@ -265,7 +266,7 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne updateAt := model.GetMillis() - if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil { + if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, FailedAttempts = 0 WHERE Id = :UserId AND AuthData = ''", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil { result.Err = model.NewAppError("SqlUserStore.UpdatePassword", "We couldn't update the user password", "id="+userId+", "+err.Error()) } else { result.Data = userId |