From a2101772c2efbfcbaca594468261b1723b112f0a Mon Sep 17 00:00:00 2001 From: Andrei Mihu Date: Thu, 31 Oct 2019 19:27:38 +0000 Subject: [PATCH] Return an error to the dev console when setting a password on a user account with no email. --- server/console_account.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/console_account.go b/server/console_account.go index bc31b8765..f53a89a74 100644 --- a/server/console_account.go +++ b/server/console_account.go @@ -476,11 +476,14 @@ AND ((facebook_id IS NOT NULL if len(newPassword) != 0 { // Update the password on the user account only if they have an email associated. - _, err := tx.ExecContext(ctx, "UPDATE users SET password = $2, update_time = now() WHERE id = $1 AND email IS NOT NULL", userID, newPassword) + res, err := tx.ExecContext(ctx, "UPDATE users SET password = $2, update_time = now() WHERE id = $1 AND email IS NOT NULL", userID, newPassword) if err != nil { s.logger.Error("Could not update password.", zap.Error(err), zap.Any("user_id", userID)) return err } + if rowsAffected, _ := res.RowsAffected(); rowsAffected != 1 { + return StatusError(codes.InvalidArgument, "Cannot set a password on an account with no email address.", ErrRowsAffectedCount) + } } if len(in.DeviceIds) != 0 && len(statements) == 0 && !removeCustomID && !removeEmail && len(newPassword) == 0 { -- GitLab