Only set the user password if the password field would have been shown (#12980)
POSTing to /admin/users/:id should only set the password if the the user IsLocal or IsOauth2 Fix #12952 Signed-off-by: Andrew Thornton <art27@cantab.net>release/v1.15
parent
9b6361f8a0
commit
1bcf1ad643
|
@ -224,7 +224,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(form.Password) > 0 {
|
if len(form.Password) > 0 && (u.IsLocal() || u.IsOAuth2()) {
|
||||||
var err error
|
var err error
|
||||||
if len(form.Password) < setting.MinPasswordLength {
|
if len(form.Password) < setting.MinPasswordLength {
|
||||||
ctx.Data["Err_Password"] = true
|
ctx.Data["Err_Password"] = true
|
||||||
|
|
Loading…
Reference in New Issue