chore: do not allow resetting password of non password users (#9003)

2025-07-08 11:39:50 +00:00 · 2023-08-09 13:56:13 -05:00
parent 919f5c6fe9
commit f334b66178
3 changed files with 16 additions and 1 deletions
--- a/coderd/users.go
+++ b/coderd/users.go
@ -733,6 +733,13 @@ func (api *API) putUserPassword(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if user.LoginType != database.LoginTypePassword {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Users without password login type cannot change their password.",
+		})
+		return
+	}
+
 	err := userpassword.Validate(params.Password)
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{