From c2b990ac538ddcbdc71c5ee30f5884f700762109 Mon Sep 17 00:00:00 2001
From: Joseph Garrone <joseph.garrone.gj@gmail.com>
Date: Mon, 6 May 2024 17:41:08 +0200
Subject: [PATCH] Do not inject password field when password isn't required

---
 src/login/lib/useUserProfileForm.tsx | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/login/lib/useUserProfileForm.tsx b/src/login/lib/useUserProfileForm.tsx
index 16545946..a3eef6fa 100644
--- a/src/login/lib/useUserProfileForm.tsx
+++ b/src/login/lib/useUserProfileForm.tsx
@@ -70,7 +70,7 @@ export type KcContextLike = {
         attributes: Attribute[];
         html5DataAnnotations: Record<string, string>;
     };
-    passwordRequired?: boolean;
+    passwordRequired: boolean;
     realm: { registrationEmailAsUsername: boolean };
     passwordPolicies?: PasswordPolicies;
     url: {
@@ -102,10 +102,6 @@ namespace internal {
     };
 }
 
-/**
- * NOTE: The attributesWithPassword returned is actually augmented with
- * artificial password related attributes only if kcContext.passwordRequired === true
- */
 export function useUserProfileForm(params: ParamsOfUseUserProfileForm): ReturnTypeOfUseUserProfileForm {
     const { kcContext, i18n, doMakeUserConfirmPassword } = params;
 
@@ -134,6 +130,10 @@ export function useUserProfileForm(params: ParamsOfUseUserProfileForm): ReturnTy
             attributesWithPassword.push(attribute);
 
             add_password_and_password_confirm: {
+                if (!kcContext.passwordRequired) {
+                    break add_password_and_password_confirm;
+                }
+
                 if (attribute.name !== (kcContext.realm.registrationEmailAsUsername ? "email" : "username")) {
                     // NOTE: We want to add password and password-confirm after the field that identifies the user.
                     // It's either email or username.