diff --git a/services/web/app/src/router.js b/services/web/app/src/router.js
index ebc7585cf7..315281e41a 100644
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@@ -290,6 +290,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
'/user/password/update',
AuthenticationController.requireLogin(),
RateLimiterMiddleware.rateLimit(rateLimiters.changePassword),
+ PermissionsController.requirePermission('change-password'),
UserController.changePassword
)
webRouter.get(
diff --git a/services/web/frontend/extracted-translations.json b/services/web/frontend/extracted-translations.json
index 8410d3660c..4c55cee28d 100644
--- a/services/web/frontend/extracted-translations.json
+++ b/services/web/frontend/extracted-translations.json
@@ -1536,6 +1536,7 @@
"you_are_on_x_plan_as_member_of_group_subscription_y_administered_by_z": "",
"you_can_now_enable_sso": "",
"you_can_now_log_in_sso": "",
+ "you_cant_add_or_change_password_due_to_sso": "",
"you_dont_have_any_repositories": "",
"you_have_added_x_of_group_size_y": "",
"you_have_been_invited_to_transfer_management_of_your_account": "",
diff --git a/services/web/frontend/js/features/settings/components/password-section.tsx b/services/web/frontend/js/features/settings/components/password-section.tsx
index 59427088b2..c1f0552210 100644
--- a/services/web/frontend/js/features/settings/components/password-section.tsx
+++ b/services/web/frontend/js/features/settings/components/password-section.tsx
@@ -25,15 +25,33 @@ type PasswordUpdateResult = {
function PasswordSection() {
const { t } = useTranslation()
-
+ const hideChangePassword = getMeta('ol-cannot-change-password') as boolean
return (
<>
{t('change_password')}
-
+ {hideChangePassword ? (
+
+ ) : (
+
+ )}
)
}
+function CanOnlyLogInThroughSSO() {
+ return (
+
+ ,
+ ]}
+ />
+
+ )
+}
+
function PasswordInnerSection() {
const { t } = useTranslation()
const { isOverleaf } = getMeta('ol-ExposedSettings') as ExposedSettings
diff --git a/services/web/locales/en.json b/services/web/locales/en.json
index fba3c63965..204053d944 100644
--- a/services/web/locales/en.json
+++ b/services/web/locales/en.json
@@ -2205,6 +2205,7 @@
"you_can_opt_in_and_out_of_overleaf_labs_at_any_time_on_this_page": "You can <0>opt in and out of Overleaf Labs at any time on this page",
"you_can_opt_in_and_out_of_the_program_at_any_time_on_this_page": "You can <0>opt in and out of the program at any time on this page",
"you_can_opt_in_to_individual_experiments": "You will be asked to opt in and out of individual experiments; each experiment may have unique partners, requirements, terms and conditions, etc. that must be opted in to for that specific experiment",
+ "you_cant_add_or_change_password_due_to_sso": "You can’t add or change your password because your group or organization uses <0>single sign-on (SSO).",
"you_cant_join_this_group_subscription": "You can’t join this group subscription",
"you_dont_have_any_repositories": "You don’t have any repositories",
"you_get_access_to": "You get access to",
diff --git a/services/web/test/frontend/features/settings/components/password-section.test.tsx b/services/web/test/frontend/features/settings/components/password-section.test.tsx
index 533efd075b..28ae45981e 100644
--- a/services/web/test/frontend/features/settings/components/password-section.test.tsx
+++ b/services/web/test/frontend/features/settings/components/password-section.test.tsx
@@ -183,6 +183,17 @@ describe('', function () {
await screen.findByText('Your old password is wrong')
})
+
+ it('shows message when user cannot use password log in', async function () {
+ window.metaAttributesCache.set('ol-cannot-change-password', true)
+ render()
+ await screen.findByRole('heading', { name: 'Change Password' })
+ screen.getByText(
+ 'You can’t add or change your password because your group or organization uses',
+ { exact: false }
+ )
+ screen.getByRole('link', { name: 'single sign-on (SSO)' })
+ })
})
function submitValidForm() {