From 2c54ea90f994b841ea875b2ae211ecf2e2838feb Mon Sep 17 00:00:00 2001
From: Jeremiah Ajayi <36984987+Lord-Jerry@users.noreply.github.com>
Date: Fri, 17 Feb 2023 19:59:34 +0100
Subject: [PATCH] CAL-1053: Invalidate password to avoid once Google auth is
 used to merge accounts (#7152)

* CAL-1053: Invalidate password to avoid once Google auth is used to merge accounts

* remove log
---
 apps/web/pages/api/auth/[...nextauth].tsx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/web/pages/api/auth/[...nextauth].tsx b/apps/web/pages/api/auth/[...nextauth].tsx
index 4030bdbd6d..961c2e2ae1 100644
--- a/apps/web/pages/api/auth/[...nextauth].tsx
+++ b/apps/web/pages/api/auth/[...nextauth].tsx
@@ -507,6 +507,10 @@ export default NextAuth({
             existingUserWithEmail.identityProvider === IdentityProvider.CAL &&
             (idP === IdentityProvider.GOOGLE || idP === IdentityProvider.SAML)
           ) {
+            await prisma.user.update({
+              where: { email: existingUserWithEmail.email },
+              data: { password: null },
+            });
             return true;
           } else if (existingUserWithEmail.identityProvider === IdentityProvider.CAL) {
             return "/auth/error?error=use-password-login";