From e9e53ad95ea0f5c757fda3669337daf8afc2ae8d Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@designcreateplay.com>
Date: Thu, 6 Mar 2014 15:32:06 -0500
Subject: [PATCH] added a new property to userData "hasPassword", disabling
 "current password" field in user editing if no password is set (for SSO
 logins, for example)

---
 public/src/forum/accountedit.js  |  3 +--
 public/templates/accountedit.tpl |  2 +-
 src/user.js                      | 24 +++++++++++++++++-------
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/public/src/forum/accountedit.js b/public/src/forum/accountedit.js
index 13bab6cf9d..207785e846 100644
--- a/public/src/forum/accountedit.js
+++ b/public/src/forum/accountedit.js
@@ -189,8 +189,7 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
 			password_confirm.on('blur', onPasswordConfirmChanged);
 
 			$('#changePasswordBtn').on('click', function() {
-
-				if (passwordvalid && passwordsmatch && (currentPassword.val() || app.isAdmin)) {
+				if ((passwordvalid && passwordsmatch) || app.isAdmin) {
 					socket.emit('user.changePassword', {
 						'currentPassword': currentPassword.val(),
 						'newPassword': password.val(),
diff --git a/public/templates/accountedit.tpl b/public/templates/accountedit.tpl
index acfe85af56..536943b7b5 100644
--- a/public/templates/accountedit.tpl
+++ b/public/templates/accountedit.tpl
@@ -115,7 +115,7 @@
 					<div class="control-group">
 						<label class="control-label" for="inputCurrentPassword">[[user:current_password]]</label>
 						<div class="controls">
-							<input class="form-control" type="password" id="inputCurrentPassword" placeholder="Current Password" value="">
+							<input class="form-control" type="password" id="inputCurrentPassword" placeholder="Current Password" value=""<!-- IF !hasPassword --> disabled<!-- ENDIF !hasPassword-->>
 						</div>
 					</div>
 
diff --git a/src/user.js b/src/user.js
index 4674e1d17b..9d81f2ea71 100644
--- a/src/user.js
+++ b/src/user.js
@@ -185,8 +185,13 @@ var bcrypt = require('bcryptjs'),
 				return callback(err);
 			}
 
-			if (data && data.password) {
-				delete data.password;
+			if (data) {
+				if (data.password) {
+					delete data.password;
+					data.hasPassword = true;
+				} else {
+					data.hasPassword = false;
+				}
 			}
 			callback(err, data);
 		});
@@ -467,13 +472,18 @@ var bcrypt = require('bcryptjs'),
 					return callback(err);
 				}
 
-				bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
-					if (err || !res) {
-						return callback(err || new Error('Your current password is not correct!'));
-					}
+				if (currentPassword !== null) {
+					bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
+						if (err || !res) {
+							return callback(err || new Error('Your current password is not correct!'));
+						}
 
+						hashAndSetPassword(callback);
+					});
+				} else {
+					// No password in account (probably SSO login)
 					hashAndSetPassword(callback);
-				});
+				}
 			});
 		}
 	};