From 6ff15ef5300c57886b2dce3a94334659da973533 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Calvi=C3=B1o=20S=C3=A1nchez?= <danxuliu@gmail.com>
Date: Fri, 18 Jul 2025 20:54:07 +0200
Subject: [PATCH] fix: Do not show password dialog when user can not validate
 password
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The password confirmation dialog is always shown unless the user backend
does not allow password confirmation. A user backend may explicitly
provide that information, but even if it does not that could have been
defined in the authentication token with
"IToken::SCOPE_SKIP_PASSWORD_VALIDATION" (for example, when "user_oidc"
is only used for authentication and user provision is done by another
user backend).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
---
 lib/private/Template/JSConfigHelper.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
index 48e7db5fc90..c3052fc5cc8 100644
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@@ -67,6 +67,8 @@ class JSConfigHelper {
 				$userBackendAllowsPasswordConfirmation = $backend->canConfirmPassword($uid) && $this->canUserValidatePassword();
 			} elseif (isset($this->excludedUserBackEnds[$this->currentUser->getBackendClassName()])) {
 				$userBackendAllowsPasswordConfirmation = false;
+			} else {
+				$userBackendAllowsPasswordConfirmation = $this->canUserValidatePassword();
 			}
 		} else {
 			$uid = null;