prevent changing a provisioned user's password

2025-08-03 16:07:24 -06:00
parent 15a7f86344
commit 81463614c9
8 changed files with 54 additions and 12 deletions
--- a/user/types.go
+++ b/user/types.go
@@ -244,15 +244,16 @@ const (

 // Error constants used by the package
 var (
-	ErrUnauthenticated     = errors.New("unauthenticated")
-	ErrUnauthorized        = errors.New("unauthorized")
-	ErrInvalidArgument     = errors.New("invalid argument")
-	ErrUserNotFound        = errors.New("user not found")
-	ErrUserExists          = errors.New("user already exists")
-	ErrPasswordHashInvalid = errors.New("password hash but be a bcrypt hash, use 'ntfy user hash' to generate")
-	ErrTierNotFound        = errors.New("tier not found")
-	ErrTokenNotFound       = errors.New("token not found")
-	ErrPhoneNumberNotFound = errors.New("phone number not found")
-	ErrTooManyReservations = errors.New("new tier has lower reservation limit")
-	ErrPhoneNumberExists   = errors.New("phone number already exists")
+	ErrUnauthenticated               = errors.New("unauthenticated")
+	ErrUnauthorized                  = errors.New("unauthorized")
+	ErrInvalidArgument               = errors.New("invalid argument")
+	ErrUserNotFound                  = errors.New("user not found")
+	ErrUserExists                    = errors.New("user already exists")
+	ErrPasswordHashInvalid           = errors.New("password hash but be a bcrypt hash, use 'ntfy user hash' to generate")
+	ErrTierNotFound                  = errors.New("tier not found")
+	ErrTokenNotFound                 = errors.New("token not found")
+	ErrPhoneNumberNotFound           = errors.New("phone number not found")
+	ErrTooManyReservations           = errors.New("new tier has lower reservation limit")
+	ErrPhoneNumberExists             = errors.New("phone number already exists")
+	ErrProvisionedUserPasswordChange = errors.New("cannot change password of provisioned user")
 )