fix: check password complexity policy and respect changeRequired on password change (#7884)

* fix: check password complexity policy on password change and respect require_change * pass changeRequired where available and add tests * fix requested changes --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-12 01:27:32 +00:00 · 2024-05-02 11:50:13 +02:00
parent 8cc12e869a
commit 43da9225be
11 changed files with 509 additions and 199 deletions
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -249,33 +249,12 @@ func SetHumanPasswordToPassword(password *user.SetPassword) *command.Password {
 	if password == nil {
 		return nil
 	}
-	var changeRequired bool
-	var passwordStr *string
-	if password.GetPassword() != nil {
-		passwordStr = &password.GetPassword().Password
-		changeRequired = password.GetPassword().GetChangeRequired()
-	}
-	var hash *string
-	if password.GetHashedPassword() != nil {
-		hash = &password.GetHashedPassword().Hash
-		changeRequired = password.GetHashedPassword().GetChangeRequired()
-	}
-	var code *string
-	if password.GetVerificationCode() != "" {
-		codeT := password.GetVerificationCode()
-		code = &codeT
-	}
-	var oldPassword *string
-	if password.GetCurrentPassword() != "" {
-		oldPasswordT := password.GetCurrentPassword()
-		oldPassword = &oldPasswordT
-	}
 	return &command.Password{
-		PasswordCode:        code,
-		OldPassword:         oldPassword,
-		Password:            passwordStr,
-		EncodedPasswordHash: hash,
-		ChangeRequired:      changeRequired,
+		PasswordCode:        password.GetVerificationCode(),
+		OldPassword:         password.GetCurrentPassword(),
+		Password:            password.GetPassword().GetPassword(),
+		EncodedPasswordHash: password.GetHashedPassword().GetHash(),
+		ChangeRequired:      password.GetPassword().GetChangeRequired() || password.GetHashedPassword().GetChangeRequired(),
 	}
 }