realaravinth/bench-forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Only set the user password if the password field would have been shown (#12980)

Browse source 
POSTing to /admin/users/:id should only set the password if the the user
IsLocal or IsOauth2

Fix #12952

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2020-09-29 21:27:03 +01:00 committed by GitHub
parent 9b6361f8a0
commit 1bcf1ad643
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
routers/admin/users.go
View file

@ -224,7 +224,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
} }
} }
if len(form.Password) > 0 { if len(form.Password) > 0 && (u.IsLocal() || u.IsOAuth2()) {
var err error var err error
if len(form.Password) < setting.MinPasswordLength { if len(form.Password) < setting.MinPasswordLength {
ctx.Data["Err_Password"] = true ctx.Data["Err_Password"] = true