From d8deb0285f747661f302ad30a18ec87b9bfce47e Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Sat, 31 Dec 2022 09:30:07 +0800
Subject: [PATCH] fix(core): register with social should not ask for password
 (#2793)

---
 .../mandatory-user-profile-validation.test.ts        | 12 ++++++++++++
 .../mandatory-user-profile-validation.ts             |  8 +++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.test.ts b/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.test.ts
index 677d38687..d408c0da7 100644
--- a/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.test.ts
+++ b/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.test.ts
@@ -64,6 +64,18 @@ describe('validateMandatoryUserProfile', () => {
     await expect(validateMandatoryUserProfile(baseCtx, interaction)).resolves.not.toThrow();
   });
 
+  it('register user has social profile', async () => {
+    await expect(
+      validateMandatoryUserProfile(baseCtx, {
+        event: InteractionEvent.Register,
+        profile: {
+          username: 'foo',
+          connectorId: 'logto',
+        },
+      })
+    ).resolves.not.toThrow();
+  });
+
   it('email missing but required', async () => {
     const ctx = {
       ...baseCtx,
diff --git a/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.ts b/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.ts
index b0db12a8b..5c7856c13 100644
--- a/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.ts
+++ b/packages/core/src/routes/interaction/verifications/mandatory-user-profile-validation.ts
@@ -23,7 +23,13 @@ const getMissingProfileBySignUpIdentifiers = ({
 }) => {
   const missingProfile = new Set<MissingProfile>();
 
-  if (signUp.password && !(user && isUserPasswordSet(user)) && !profile?.password) {
+  if (
+    signUp.password &&
+    !(user && isUserPasswordSet(user)) &&
+    !profile?.password &&
+    // Social identities can take place the role of password
+    !profile?.connectorId
+  ) {
     missingProfile.add(MissingProfile.password);
   }