From 1bcf1ad6434e45c28b9232032284299334663026 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Tue, 29 Sep 2020 21:27:03 +0100
Subject: [PATCH] Only set the user password if the password field would have
 been shown (#12980)

POSTing to /admin/users/:id should only set the password if the the user
IsLocal or IsOauth2

Fix #12952

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 routers/admin/users.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/admin/users.go b/routers/admin/users.go
index 531f81b8b5..9fb758621b 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -224,7 +224,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 		}
 	}
 
-	if len(form.Password) > 0 {
+	if len(form.Password) > 0 && (u.IsLocal() || u.IsOAuth2()) {
 		var err error
 		if len(form.Password) < setting.MinPasswordLength {
 			ctx.Data["Err_Password"] = true