From 8a1c05697f1b137928b2d4b1eb8bfdaf32c3e6da Mon Sep 17 00:00:00 2001
From: Taha Yassine Kraiem
Date: Fri, 3 Dec 2021 12:02:50 +0100
Subject: [PATCH] feat(api): allow change password for double-auth
---
 api/chalicelib/core/reset_password.py | 2 +-
 ee/api/chalicelib/core/reset_password.py | 2 +-
 ee/api/chalicelib/core/users.py | 5 +++--
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/api/chalicelib/core/reset_password.py b/api/chalicelib/core/reset_password.py
index e4ee1b61d..a8dbabf31 100644
--- a/api/chalicelib/core/reset_password.py
+++ b/api/chalicelib/core/reset_password.py
@@ -11,7 +11,7 @@ def reset(data):
 if "email" not in data:
 return {"errors": ["email not found in body"]}
 if not helper.has_smtp():
- return {"errors": ["no SMTP configuration found"]}
+ return {"errors": ["no SMTP configuration found, you can ask your admin to reset your password"]}
 a_users = users.get_by_email_only(data["email"])
 if len(a_users) > 1:
 print(f"multiple users found for [{data['email']}] please contact our support")
diff --git a/ee/api/chalicelib/core/reset_password.py b/ee/api/chalicelib/core/reset_password.py
index fe8cdd15c..e51816e85 100644
--- a/ee/api/chalicelib/core/reset_password.py
+++ b/ee/api/chalicelib/core/reset_password.py
@@ -11,7 +11,7 @@ def reset(data):
 if "email" not in data:
 return {"errors": ["email not found in body"]}
 if not helper.has_smtp():
- return {"errors": ["no SMTP configuration found"]}
+ return {"errors": ["no SMTP configuration found, you can ask your admin to reset your password"]}
 a_user = users.get_by_email_only(data["email"])
 if a_user is not None:
 # ---FOR SSO
diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py
index a6584385d..8b5ae591b 100644
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@@ -261,7 +261,8 @@ def get(user_id, tenant_id): origin, role_id, roles.name AS role_name, - roles.permissions + roles.permissions, + basic_authentication.password IS NOT NULL AS has_password FROM public.users LEFT JOIN public.basic_authentication ON users.user_id=basic_authentication.user_id LEFT JOIN public.roles USING (role_id) WHERE @@ -446,7 +447,7 @@ def change_password(tenant_id, user_id, email, old_password, new_password): item = get(tenant_id=tenant_id, user_id=user_id) if item is None: return {"errors": ["access denied"]} - if item["origin"] is not None: + if item["origin"] is not None and item["hasPassword"] is False: return {"errors": ["cannot change your password because you are logged-in form an SSO service"]} if old_password == new_password: return {"errors": ["old and new password are the same"]}
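Review bot: The relaxed guard in change_password, `if item["origin"] is not None and item["hasPassword"] is False:`, fails open: if `hasPassword` is ever `None` or otherwise not the exact `False` object, an SSO-origin account falls through to the password-change path, so `if item["origin"] is not None and not item["hasPassword"]:` is the safer form. With this change an SSO-provisioned account can keep and rotate a local password, a login path that does not pass through the identity provider. The function body continues outside the hunk, so it is worth confirming that `old_password` is still verified against the stored credential before the update. A short comment above the guard would record the intent, for example `# SSO users may also hold a local password (double-auth); block only when no local credential exists`. The `hasPassword` key presumably comes from a camelCase conversion of the `has_password` alias added to get() in the previous hunk; if that conversion is not applied on this path, the lookup raises KeyError instead of returning an error dict.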