Only show the password change section if the user has a password (#4100)

sandhose · web-flow · commit b78b893b3cde · 2025-02-24T14:48:24.000+01:00
diff --git a/crates/handlers/src/graphql/model/users.rs b/crates/handlers/src/graphql/model/users.rs
@@ -705,6 +705,16 @@ impl User {
         )
         .await
     }
+
+    /// Check if the user has a password set.
+    async fn has_password(&self, ctx: &Context<'_>) -> Result<bool, async_graphql::Error> {
+        let state = ctx.state();
+        let mut repo = state.repository().await?;
+
+        let password = repo.user_password().active(&self.0).await?;
+
+        Ok(password.is_some())
+    }
 }
 
 /// A session in an application, either a compatibility or an OAuth 2.0 one
diff --git a/frontend/schema.graphql b/frontend/schema.graphql
@@ -2059,6 +2059,10 @@ type User implements Node {
     """
     last: Int
   ): AppSessionConnection!
+  """
+  Check if the user has a password set.
+  """
+  hasPassword: Boolean!
 }
 
 """
diff --git a/frontend/src/gql/gql.ts b/frontend/src/gql/gql.ts
@@ -42,7 +42,7 @@ type Documents = {
     "\n  query UserEmailList(\n    $first: Int\n    $after: String\n    $last: Int\n    $before: String\n  ) {\n    viewer {\n      __typename\n      ... on User {\n        emails(first: $first, after: $after, last: $last, before: $before) {\n          edges {\n            cursor\n            node {\n              ...UserEmail_email\n            }\n          }\n          totalCount\n          pageInfo {\n            hasNextPage\n            hasPreviousPage\n            startCursor\n            endCursor\n          }\n        }\n      }\n    }\n  }\n": typeof types.UserEmailListDocument,
     "\n  fragment UserEmailList_siteConfig on SiteConfig {\n    emailChangeAllowed\n  }\n": typeof types.UserEmailList_SiteConfigFragmentDoc,
     "\n  fragment BrowserSessionsOverview_user on User {\n    id\n\n    browserSessions(first: 0, state: ACTIVE) {\n      totalCount\n    }\n  }\n": typeof types.BrowserSessionsOverview_UserFragmentDoc,
-    "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      ...UserEmailList_siteConfig\n      ...UserEmail_siteConfig\n      ...PasswordChange_siteConfig\n    }\n  }\n": typeof types.UserProfileDocument,
+    "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          hasPassword\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      ...UserEmailList_siteConfig\n      ...UserEmail_siteConfig\n      ...PasswordChange_siteConfig\n    }\n  }\n": typeof types.UserProfileDocument,
     "\n  query BrowserSessionList(\n    $first: Int\n    $after: String\n    $last: Int\n    $before: String\n    $lastActive: DateFilter\n  ) {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n\n        user {\n          id\n\n          browserSessions(\n            first: $first\n            after: $after\n            last: $last\n            before: $before\n            lastActive: $lastActive\n            state: ACTIVE\n          ) {\n            totalCount\n\n            edges {\n              cursor\n              node {\n                id\n                ...BrowserSession_session\n              }\n            }\n\n            pageInfo {\n              hasNextPage\n              hasPreviousPage\n              startCursor\n              endCursor\n            }\n          }\n        }\n      }\n    }\n  }\n": typeof types.BrowserSessionListDocument,
     "\n  query SessionsOverview {\n    viewer {\n      __typename\n\n      ... on User {\n        id\n        ...BrowserSessionsOverview_user\n      }\n    }\n  }\n": typeof types.SessionsOverviewDocument,
     "\n  query AppSessionsList(\n    $before: String\n    $after: String\n    $first: Int\n    $last: Int\n    $lastActive: DateFilter\n  ) {\n    viewer {\n      __typename\n\n      ... on User {\n        id\n        appSessions(\n          before: $before\n          after: $after\n          first: $first\n          last: $last\n          lastActive: $lastActive\n          state: ACTIVE\n        ) {\n          edges {\n            cursor\n            node {\n              __typename\n              ...CompatSession_session\n              ...OAuth2Session_session\n            }\n          }\n\n          totalCount\n          pageInfo {\n            startCursor\n            endCursor\n            hasNextPage\n            hasPreviousPage\n          }\n        }\n      }\n    }\n  }\n": typeof types.AppSessionsListDocument,
@@ -91,7 +91,7 @@ const documents: Documents = {
     "\n  query UserEmailList(\n    $first: Int\n    $after: String\n    $last: Int\n    $before: String\n  ) {\n    viewer {\n      __typename\n      ... on User {\n        emails(first: $first, after: $after, last: $last, before: $before) {\n          edges {\n            cursor\n            node {\n              ...UserEmail_email\n            }\n          }\n          totalCount\n          pageInfo {\n            hasNextPage\n            hasPreviousPage\n            startCursor\n            endCursor\n          }\n        }\n      }\n    }\n  }\n": types.UserEmailListDocument,
     "\n  fragment UserEmailList_siteConfig on SiteConfig {\n    emailChangeAllowed\n  }\n": types.UserEmailList_SiteConfigFragmentDoc,
     "\n  fragment BrowserSessionsOverview_user on User {\n    id\n\n    browserSessions(first: 0, state: ACTIVE) {\n      totalCount\n    }\n  }\n": types.BrowserSessionsOverview_UserFragmentDoc,
-    "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      ...UserEmailList_siteConfig\n      ...UserEmail_siteConfig\n      ...PasswordChange_siteConfig\n    }\n  }\n": types.UserProfileDocument,
+    "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          hasPassword\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      ...UserEmailList_siteConfig\n      ...UserEmail_siteConfig\n      ...PasswordChange_siteConfig\n    }\n  }\n": types.UserProfileDocument,
     "\n  query BrowserSessionList(\n    $first: Int\n    $after: String\n    $last: Int\n    $before: String\n    $lastActive: DateFilter\n  ) {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n\n        user {\n          id\n\n          browserSessions(\n            first: $first\n            after: $after\n            last: $last\n            before: $before\n            lastActive: $lastActive\n            state: ACTIVE\n          ) {\n            totalCount\n\n            edges {\n              cursor\n              node {\n                id\n                ...BrowserSession_session\n              }\n            }\n\n            pageInfo {\n              hasNextPage\n              hasPreviousPage\n              startCursor\n              endCursor\n            }\n          }\n        }\n      }\n    }\n  }\n": types.BrowserSessionListDocument,
     "\n  query SessionsOverview {\n    viewer {\n      __typename\n\n      ... on User {\n        id\n        ...BrowserSessionsOverview_user\n      }\n    }\n  }\n": types.SessionsOverviewDocument,
     "\n  query AppSessionsList(\n    $before: String\n    $after: String\n    $first: Int\n    $last: Int\n    $lastActive: DateFilter\n  ) {\n    viewer {\n      __typename\n\n      ... on User {\n        id\n        appSessions(\n          before: $before\n          after: $after\n          first: $first\n          last: $last\n          lastActive: $lastActive\n          state: ACTIVE\n        ) {\n          edges {\n            cursor\n            node {\n              __typename\n              ...CompatSession_session\n              ...OAuth2Session_session\n            }\n          }\n\n          totalCount\n          pageInfo {\n            startCursor\n            endCursor\n            hasNextPage\n            hasPreviousPage\n          }\n        }\n      }\n    }\n  }\n": types.AppSessionsListDocument,
@@ -224,7 +224,7 @@ export function graphql(source: "\n  fragment BrowserSessionsOverview_user on Us
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      ...UserEmailList_siteConfig\n      ...UserEmail_siteConfig\n      ...PasswordChange_siteConfig\n    }\n  }\n"): typeof import('./graphql').UserProfileDocument;
+export function graphql(source: "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          hasPassword\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      ...UserEmailList_siteConfig\n      ...UserEmail_siteConfig\n      ...PasswordChange_siteConfig\n    }\n  }\n"): typeof import('./graphql').UserProfileDocument;
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
diff --git a/frontend/src/gql/graphql.ts b/frontend/src/gql/graphql.ts
@@ -1338,6 +1338,8 @@ export type User = Node & {
   createdAt: Scalars['DateTime']['output'];
   /** Get the list of emails, chronologically sorted */
   emails: UserEmailConnection;
+  /** Check if the user has a password set. */
+  hasPassword: Scalars['Boolean']['output'];
   /** ID of the object. */
   id: Scalars['ID']['output'];
   /** When the user was locked out. */
@@ -1687,7 +1689,7 @@ export type BrowserSessionsOverview_UserFragment = { __typename?: 'User', id: st
 export type UserProfileQueryVariables = Exact<{ [key: string]: never; }>;
 
 
-export type UserProfileQuery = { __typename?: 'Query', viewerSession: { __typename: 'Anonymous' } | { __typename: 'BrowserSession', id: string, user: { __typename?: 'User', emails: { __typename?: 'UserEmailConnection', totalCount: number } } } | { __typename: 'Oauth2Session' }, siteConfig: (
+export type UserProfileQuery = { __typename?: 'Query', viewerSession: { __typename: 'Anonymous' } | { __typename: 'BrowserSession', id: string, user: { __typename?: 'User', hasPassword: boolean, emails: { __typename?: 'UserEmailConnection', totalCount: number } } } | { __typename: 'Oauth2Session' }, siteConfig: (
     { __typename?: 'SiteConfig', emailChangeAllowed: boolean, passwordLoginEnabled: boolean }
     & { ' $fragmentRefs'?: { 'UserEmailList_SiteConfigFragment': UserEmailList_SiteConfigFragment;'UserEmail_SiteConfigFragment': UserEmail_SiteConfigFragment;'PasswordChange_SiteConfigFragment': PasswordChange_SiteConfigFragment } }
   ) };
@@ -2302,6 +2304,7 @@ export const UserProfileDocument = new TypedDocumentString(`
     ... on BrowserSession {
       id
       user {
+        hasPassword
         emails(first: 0) {
           totalCount
         }
diff --git a/frontend/src/routes/_account.index.lazy.tsx b/frontend/src/routes/_account.index.lazy.tsx
@@ -94,7 +94,7 @@ function Index(): React.ReactElement {
           </>
         )}
 
-        {siteConfig.passwordLoginEnabled && (
+        {siteConfig.passwordLoginEnabled && viewerSession.user.hasPassword && (
           <>
             <Collapsible.Section
               defaultOpen
diff --git a/frontend/src/routes/_account.index.tsx b/frontend/src/routes/_account.index.tsx
@@ -18,6 +18,7 @@ const QUERY = graphql(/* GraphQL */ `
       ... on BrowserSession {
         id
         user {
+          hasPassword
           emails(first: 0) {
             totalCount
           }
diff --git a/frontend/stories/routes/index.stories.tsx b/frontend/stories/routes/index.stories.tsx
@@ -34,11 +34,13 @@ const userProfileHandler = ({
   passwordLoginEnabled,
   passwordChangeAllowed,
   emailTotalCount,
+  hasPassword,
 }: {
   emailChangeAllowed: boolean;
   passwordLoginEnabled: boolean;
   passwordChangeAllowed: boolean;
   emailTotalCount: number;
+  hasPassword: boolean;
 }): GraphQLHandler =>
   mockUserProfileQuery(() =>
     HttpResponse.json({
@@ -47,6 +49,7 @@ const userProfileHandler = ({
           __typename: "BrowserSession",
           id: "session-id",
           user: {
+            hasPassword,
             emails: {
               totalCount: emailTotalCount,
             },
@@ -130,6 +133,7 @@ export const MultipleEmails: Story = {
           passwordChangeAllowed: true,
           emailChangeAllowed: true,
           emailTotalCount: 3,
+          hasPassword: true,
         }),
         threeEmailsHandler,
       ],
@@ -147,6 +151,7 @@ export const NoEmails: Story = {
           passwordChangeAllowed: true,
           emailChangeAllowed: false,
           emailTotalCount: 0,
+          hasPassword: true,
         }),
       ],
     },
@@ -163,6 +168,7 @@ export const MultipleEmailsNoChange: Story = {
           passwordChangeAllowed: true,
           emailChangeAllowed: false,
           emailTotalCount: 3,
+          hasPassword: true,
         }),
         threeEmailsHandler,
       ],
@@ -180,6 +186,7 @@ export const NoEmailChange: Story = {
           passwordChangeAllowed: true,
           emailChangeAllowed: false,
           emailTotalCount: 1,
+          hasPassword: true,
         }),
       ],
     },
@@ -196,6 +203,7 @@ export const NoPasswordChange: Story = {
           passwordChangeAllowed: false,
           emailChangeAllowed: true,
           emailTotalCount: 1,
+          hasPassword: true,
         }),
       ],
     },
@@ -212,6 +220,7 @@ export const NoPasswordLogin: Story = {
           passwordChangeAllowed: false,
           emailChangeAllowed: true,
           emailTotalCount: 1,
+          hasPassword: true,
         }),
       ],
     },
@@ -228,6 +237,7 @@ export const NoPasswordNoEmailChange: Story = {
           passwordChangeAllowed: false,
           emailChangeAllowed: false,
           emailTotalCount: 0,
+          hasPassword: false,
         }),
       ],
     },
diff --git a/frontend/tests/mocks/handlers.ts b/frontend/tests/mocks/handlers.ts
@@ -91,6 +91,7 @@ export const handlers = [
           __typename: "BrowserSession",
           id: "browser-session-id",
           user: {
+            hasPassword: true,
             emails: {
               totalCount: 1,
             },

Original file line number	Diff line number	Diff line change
`@@ -705,6 +705,16 @@ impl User {`
`705`	`705`	`)`
`706`	`706`	`.await`
`707`	`707`	`}`
	`708`	`+`
	`709`	`+ /// Check if the user has a password set.`
	`710`	`+ async fn has_password(&self, ctx: &Context<'_>) -> Result<bool, async_graphql::Error> {`
	`711`	`+ let state = ctx.state();`
	`712`	`+ let mut repo = state.repository().await?;`
	`713`	`+`
	`714`	`+ let password = repo.user_password().active(&self.0).await?;`
	`715`	`+`
	`716`	`+ Ok(password.is_some())`
	`717`	`+ }`
`708`	`718`	`}`
`709`	`719`
`710`	`720`	`/// A session in an application, either a compatibility or an OAuth 2.0 one`
Original file line number	Diff line number	Diff line change
@@ -18,6 +18,7 @@ const QUERY = graphql(/* GraphQL */ `
`18`	`18`	`... on BrowserSession {`
`19`	`19`	`id`
`20`	`20`	`user {`
	`21`	`+ hasPassword`
`21`	`22`	`emails(first: 0) {`
`22`	`23`	`totalCount`
`23`	`24`	`}`