fix: Remove constraint on unhashed password being 'LDAP' (#6236)

2025-10-27 00:04:23 -04:00 · 2025-09-24 23:32:28 -05:00
parent 3ec55f0e48
commit c9f3f65f36
3 changed files with 3 additions and 3 deletions
--- a/mealie/routes/users/crud.py
+++ b/mealie/routes/users/crud.py
@@ -42,7 +42,7 @@ class UserController(BaseUserController):
    @user_router.put("/password")
    def update_password(self, password_change: ChangePassword):
        """Resets the User Password"""
-        if self.user.password == "LDAP" or self.user.auth_method == AuthMethod.LDAP:
+        if self.user.auth_method == AuthMethod.LDAP:
            raise HTTPException(
                status.HTTP_400_BAD_REQUEST, ErrorResponse.respond(self.t("user.ldap-update-password-unavailable"))
            )
--- a/mealie/services/user_services/password_reset_service.py
+++ b/mealie/services/user_services/password_reset_service.py
@@ -21,7 +21,7 @@ class PasswordResetService(BaseService):
            self.logger.error(f"failed to create password reset for {email=}: user doesn't exists")
            # Do not raise exception here as we don't want to confirm to the client that the Email doesn't exists
            return None
-        elif user.password == "LDAP" or user.auth_method == AuthMethod.LDAP:
+        elif user.auth_method == AuthMethod.LDAP:
            self.logger.error(f"failed to create password reset for {email=}: user controlled by LDAP")
            return None

--- a/tests/fixtures/fixture_users.py
+++ b/tests/fixtures/fixture_users.py
@@ -337,7 +337,7 @@ def ldap_user():
        user = db.users.create(
            {
                "username": utils.random_string(10),
-                "password": "mealie_password_not_important",
+                "password": "LDAP",
                "full_name": utils.random_string(10),
                "email": utils.random_string(10),
                "admin": False,