feat: fix OAuth-registered users to keep empty passwords unhashed (#4482)

2025-11-17 23:12:53 +08:00
parent b3355a9fa6
commit 1d719e3759
1 changed files with 5 additions and 0 deletions
--- a/object/user_cred.go
+++ b/object/user_cred.go
@@ -43,6 +43,11 @@ func (user *User) UpdateUserHash() error {
 }

 func (user *User) UpdateUserPassword(organization *Organization) {
+	// Don't hash empty passwords (e.g., for OAuth users)
+	if user.Password == "" {
+		return
+	}
+
 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
 		// Use organization salt if available, otherwise generate a random salt for the user