fix: disallow passwort reset if it's a ldap user

2025-01-15 01:14:27 -05:00 · 2024-10-15 20:12:56 +02:00 · 2024-10-15 20:12:56 +02:00 · 2e692241c5
commit 2e692241c5
parent 1e96011793
1 changed files with 9 additions and 0 deletions
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@ -146,6 +146,15 @@ export class AuthService {

    if (!user) return;

+    if (user.ldapDN) {
+      this.logger.log(
+        `Failed password reset request for user ${email} because it is an LDAP user`,
+      );
+      throw new BadRequestException(
+        "This account can't reset its password here. Please contact your administrator.",
+      );
+    }
+
    // Delete old reset password token
    if (user.resetPasswordToken) {
      await this.prisma.resetPasswordToken.delete({