From 4734912c521be4367b1d8ca255cc76c0095839b4 Mon Sep 17 00:00:00 2001
From: JoramWilander <jwawilander@gmail.com>
Date: Thu, 22 Oct 2015 10:53:39 -0400
Subject: Prevent users from resetting their password when the user is using
 SSO

---
 api/user.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'api/user.go')

diff --git a/api/user.go b/api/user.go
index 0c7278711..5e5ff79f1 100644
--- a/api/user.go
+++ b/api/user.go
@@ -1241,6 +1241,11 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
 		user = result.Data.(*model.User)
 	}
 
+	if len(user.AuthData) != 0 {
+		c.Err = model.NewAppError("sendPasswordReset", "Cannot reset password for SSO accounts", "userId="+user.Id+", teamId="+team.Id)
+		return
+	}
+
 	newProps := make(map[string]string)
 	newProps["user_id"] = user.Id
 	newProps["time"] = fmt.Sprintf("%v", model.GetMillis())
@@ -1325,6 +1330,11 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
 		user = result.Data.(*model.User)
 	}
 
+	if len(user.AuthData) != 0 {
+		c.Err = model.NewAppError("resetPassword", "Cannot reset password for SSO accounts", "userId="+user.Id+", teamId="+team.Id)
+		return
+	}
+
 	if user.TeamId != team.Id {
 		c.Err = model.NewAppError("resetPassword", "Trying to reset password for user on wrong team.", "userId="+user.Id+", teamId="+team.Id)
 		c.Err.StatusCode = http.StatusForbidden
-- 
cgit v1.2.3-1-g7c22