From 56b0f0bd610bf38d6dce229076fe36f5b571c137 Mon Sep 17 00:00:00 2001 From: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Date: Mon, 3 Feb 2025 11:36:45 -0800 Subject: [PATCH] Add missing condition for disable SSO error state, update integration test to cover the situation (#25960) ## Follow-up for https://github.com/fleetdm/fleet/pull/25843 - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality Co-authored-by: Jacob Shandling --- server/service/integration_core_test.go | 2 +- server/service/users.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/service/integration_core_test.go b/server/service/integration_core_test.go index 42e2c3029a..9f6cecafd3 100644 --- a/server/service/integration_core_test.go +++ b/server/service/integration_core_test.go @@ -8407,12 +8407,12 @@ func (s *integrationTestSuite) TestModifyUser() { newRawPwd = userRawPwd + "4" modResp = modifyUserResponse{} s.DoJSON("PATCH", fmt.Sprintf("/api/latest/fleet/users/%d", u.ID), fleet.UserPayload{ + SSOEnabled: ptr.Bool(false), NewPassword: ptr.String(newRawPwd), Email: ptr.String("moduser3@example.com"), Name: ptr.String("moduser3"), }, http.StatusOK, &modResp) require.Equal(t, u.ID, modResp.User.ID) - require.Equal(t, "moduser3", modResp.User.Name) // as an admin, set new password that doesn't meet requirements invalidUserPwd := "abc" diff --git a/server/service/users.go b/server/service/users.go index d9bfeaab2c..092d56f6a6 100644 --- a/server/service/users.go +++ b/server/service/users.go @@ -480,7 +480,7 @@ func (svc *Service) ModifyUser(ctx context.Context, userID uint, p fleet.UserPay } if p.SSOEnabled != nil { - if !*p.SSOEnabled && p.NewPassword == nil { + if !*p.SSOEnabled && user.SSOEnabled && p.NewPassword == nil { return nil, fleet.NewInvalidArgumentError("missing password", "a new password must be provided when disabling SSO") } user.SSOEnabled = *p.SSOEnabled