fix(core): user should be able to set password even if they do not have one (#3331)

packages/console/src/pages/Profile/containers/ChangePasswordModal/index.tsx

@@ -90,13 +90,7 @@ const ChangePasswordModal = () => {
   };
 
   return (
-    <MainFlowLikeModal
-      title="profile.password.set_password"
-      onClose={onClose}
-      onGoBack={() => {
-        navigate('../verify-password', { state });
-      }}
-    >
+    <MainFlowLikeModal title="profile.password.set_password" onClose={onClose} onGoBack={onClose}>
       <TextInput
         placeholder={t('profile.password.password')}
         {...register('newPassword', {

packages/core/src/routes-me/user.ts

@@ -133,7 +133,7 @@ export default function userRoutes<T extends AuthedMeRouter>(
       const { id: userId } = ctx.auth;
       const { password } = ctx.guard.body;
 
-      const { isSuspended } = await findUserById(userId);
+      const { isSuspended, passwordEncrypted: oldPasswordEncrypted } = await findUserById(userId);
 
       assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
 
@@ -142,7 +142,9 @@ export default function userRoutes<T extends AuthedMeRouter>(
 
       assertThat(sessionId, new RequestError({ code: 'session.not_found', status: 401 }));
 
-      await checkVerificationStatus(userId, sessionId);
+      if (oldPasswordEncrypted) {
+        await checkVerificationStatus(userId, sessionId);
+      }
 
       const { passwordEncrypted, passwordEncryptionMethod } = await encryptUserPassword(password);
       await updateUserById(userId, { passwordEncrypted, passwordEncryptionMethod });