From 2e692241c57b001c9312302523c6374c0c24ea0c Mon Sep 17 00:00:00 2001
From: Elias Schneider <login@eliasschneider.com>
Date: Tue, 15 Oct 2024 20:12:56 +0200
Subject: [PATCH] fix: disallow passwort reset if it's a ldap user

---
 backend/src/auth/auth.service.ts | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index 275d1132..501990d5 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -146,6 +146,15 @@ export class AuthService {
 
     if (!user) return;
 
+    if (user.ldapDN) {
+      this.logger.log(
+        `Failed password reset request for user ${email} because it is an LDAP user`,
+      );
+      throw new BadRequestException(
+        "This account can't reset its password here. Please contact your administrator.",
+      );
+    }
+
     // Delete old reset password token
     if (user.resetPasswordToken) {
       await this.prisma.resetPasswordToken.delete({