starred/karakeep

Fork 0

mirror of https://github.com/karakeep-app/karakeep.git synced 2026-04-24 23:46:06 +03:00

[PR #2546] fix: disable password change when password auth is disabled #2154

New issue

Open

opened 2026-03-02 12:00:47 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 12:00:47 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/karakeep-app/karakeep/pull/2546
Author: @xingzihai
Created: 3/2/2026
Status: 🔄 Open

Base: main ← Head: fix/784-disable-change-password-when-password-auth-disabled

📝 Commits (1)

ca378d5 fix: disable password change when password auth is disabled

📊 Changes

3 files changed (+56 additions, -1 deletions)

View changed files

📝 apps/web/components/settings/ChangePassword.tsx (+8 -0)
📝 packages/trpc/routers/users.test.ts (+40 -1)
📝 packages/trpc/routers/users.ts (+8 -0)

📄 Description

Summary

Fixes #784 by making password-change behavior consistent with auth config when password login is disabled.

Root Cause

users.changePassword could still be called even when auth.disablePasswordAuth=true, and the settings UI still rendered the Change Password section.

Changes

Web: hide ChangePassword settings section when disablePasswordAuth is enabled.
tRPC: add guard in users.changePassword to reject with FORBIDDEN when password auth is disabled.
Tests: add regression test ensuring changePassword throws when password auth is disabled.

Verification

Passed pre-commit preflight (typecheck, lint, format).
OpenAPI check passed.
Added/updated unit tests in packages/trpc/routers/users.test.ts.

Risk

Low. Small, issue-scoped change with explicit backend guard + test coverage.

Rollback

Revert commit ca378d5e15e5658d449595fcef0c8db19d892c49.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/karakeep-app/karakeep/pull/2546 **Author:** [@xingzihai](https://github.com/xingzihai) **Created:** 3/2/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `fix/784-disable-change-password-when-password-auth-disabled` --- ### 📝 Commits (1) - [`ca378d5`](https://github.com/karakeep-app/karakeep/commit/ca378d5e15e5658d449595fcef0c8db19d892c49) fix: disable password change when password auth is disabled ### 📊 Changes **3 files changed** (+56 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `apps/web/components/settings/ChangePassword.tsx` (+8 -0) 📝 `packages/trpc/routers/users.test.ts` (+40 -1) 📝 `packages/trpc/routers/users.ts` (+8 -0) </details> ### 📄 Description ## Summary Fixes #784 by making password-change behavior consistent with auth config when password login is disabled. ## Root Cause `users.changePassword` could still be called even when `auth.disablePasswordAuth=true`, and the settings UI still rendered the Change Password section. ## Changes - Web: hide `ChangePassword` settings section when `disablePasswordAuth` is enabled. - tRPC: add guard in `users.changePassword` to reject with `FORBIDDEN` when password auth is disabled. - Tests: add regression test ensuring `changePassword` throws when password auth is disabled. ## Verification - Passed pre-commit preflight (`typecheck`, `lint`, `format`). - OpenAPI check passed. - Added/updated unit tests in `packages/trpc/routers/users.test.ts`. ## Risk Low. Small, issue-scoped change with explicit backend guard + test coverage. ## Rollback Revert commit `ca378d5e15e5658d449595fcef0c8db19d892c49`. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem added the

pull-request

label

2026-03-02 12:00:47 +03:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/karakeep#2154

No description provided.

Rows
Columns