From bff9696b7bff8467aecd3b22f8670b7ebd102f6e Mon Sep 17 00:00:00 2001
From: Hardik
Date: Fri, 29 May 2026 00:14:46 +0530
Subject: [PATCH] fix(profile): allow empty current password when setting password for first time
SSO users have no passwordHash and should be able to set a local password without providing a current one. Users with an existing password still must verify it. Removes the client-side required attribute and updates the server-side logic accordingly.
Co-Authored-By: Claude Sonnet 4.6
---
 App/app/(portal)/profile/actions.ts | 10 ++++++----
 App/app/(portal)/profile/change-password-form.tsx | 1 -
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/App/app/(portal)/profile/actions.ts b/App/app/(portal)/profile/actions.ts
index 46ca699..707f07a 100644
--- a/App/app/(portal)/profile/actions.ts
+++ b/App/app/(portal)/profile/actions.ts
@@ -12,7 +12,7 @@ type Result = { ok: true } | { error: string };
 // ── Change password ───────────────────────────────────────────────────────────
 const changePasswordSchema = z.object({
- currentPassword: z.string().min(1, "Current password is required"),
+ currentPassword: z.string().optional(),
 newPassword: z.string().min(8, "New password must be at least 8 characters"),
 });
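Review bot: On the `currentPassword: z.string().optional(),` line the schema stops enforcing the current password, so the requirement now lives only in the `if (user.passwordHash)` branch of changePassword and nothing on the schema says so. I would add a comment above the field, `// Optional here on purpose: changePassword() requires and verifies it whenever the account already has a passwordHash.`, so a later refactor does not treat a successful parse as proof the password was supplied. The parse call is outside this hunk; if it passes `formData.get("currentPassword")` straight through, a request that omits the field yields `null`, which `z.string().optional()` rejects, so confirm that path returns the intended error. Neither password field has an upper length bound, which is worth adding since both values are handed to bcrypt.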
@@ -31,10 +31,12 @@ export async function changePassword(formData: FormData): Promise {
 select: { passwordHash: true },
 });
 if (!user) return { error: "User not found" };
- if (!user.passwordHash) return { error: "Password change is not available for accounts that sign in via Microsoft 365." };
- const valid = await bcrypt.compare(parsed.data.currentPassword, user.passwordHash);
- if (!valid) return { error: "Current password is incorrect" };
+ if (user.passwordHash) {
+ if (!parsed.data.currentPassword) return { error: "Current password is required." };
+ const valid = await bcrypt.compare(parsed.data.currentPassword, user.passwordHash);
+ if (!valid) return { error: "Current password is incorrect." };
+ }
 const newHash = await bcrypt.hash(parsed.data.newPassword, 12);
 await db.user.update({
diff --git a/App/app/(portal)/profile/change-password-form.tsx b/App/app/(portal)/profile/change-password-form.tsx
index f15dd52..a57c394 100644
--- a/App/app/(portal)/profile/change-password-form.tsx
+++ b/App/app/(portal)/profile/change-password-form.tsx
@@ -43,7 +43,6 @@ export function ChangePasswordForm() {
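Review bot: In the actions.ts hunk, when `user.passwordHash` is empty the code after the new `if (user.passwordHash) { … }` block sets a local password on the strength of the session alone, so whoever holds an SSO user's session, including a stolen or unattended one, can attach a credential that outlives that session. If the credentials login accepts any account that has a passwordHash (not visible here), that password would also sit outside the identity provider's MFA and account disablement. Before the first-time set I would require a recent interactive sign-in, and record an audit event and notify the user when a password is first created; at minimum add `// No existing local secret to verify: first-time set relies on the session being fresh and authenticated.` above the `bcrypt.hash` call so the trust assumption is explicit. changePassword begins before and continues past this hunk, so the session check and the `db.user.update` arguments could not be reviewed.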