fix: allow custom password field when using disableLocalStrategy: true (#11893)

Fixes https://github.com/payloadcms/payload/issues/11888

Previously, if you had `disableLocalStategy: true` and a custom
`password` field, Payload would still control it in `update.ts` by
deleting. Now, we don't do that in this case, unless we have
`disableLocalStetegy.enableFields: true`.

packages/payload/src/collections/operations/utilities/update.ts

@@ -99,7 +99,14 @@ export const updateDocument = async <
   const password = data?.password
   const shouldSaveDraft =
     Boolean(draftArg && collectionConfig.versions.drafts) && data._status !== 'published'
-  const shouldSavePassword = Boolean(password && collectionConfig.auth && !shouldSaveDraft)
+  const shouldSavePassword = Boolean(
+    password &&
+      collectionConfig.auth &&
+      (!collectionConfig.auth.disableLocalStrategy ||
+        (typeof collectionConfig.auth.disableLocalStrategy === 'object' &&
+          collectionConfig.auth.disableLocalStrategy.enableFields)) &&
+      !shouldSaveDraft,
+  )
 
   // /////////////////////////////////////
   // Handle potentially locked documents

test/auth/config.ts

@@ -203,6 +203,17 @@ export default buildConfigWithDefaults({
         // lock_until
       ],
     },
+    {
+      slug: 'disable-local-strategy-password',
+      auth: { disableLocalStrategy: true },
+      fields: [
+        {
+          name: 'password',
+          type: 'text',
+          required: true,
+        },
+      ],
+    },
     {
       slug: apiKeysSlug,
       access: {

test/auth/int.spec.ts

@@ -786,6 +786,20 @@ describe('Auth', () => {
 
       expect(response.status).toBe(403)
     })
+
+    it('should allow to use password field', async () => {
+      const doc = await payload.create({
+        collection: 'disable-local-strategy-password',
+        data: { password: '123' },
+      })
+      expect(doc.password).toBe('123')
+      const updated = await payload.update({
+        collection: 'disable-local-strategy-password',
+        data: { password: '1234' },
+        id: doc.id,
+      })
+      expect(updated.password).toBe('1234')
+    })
   })
 
   describe('API Key', () => {

test/auth/payload-types.ts

@@ -54,6 +54,7 @@ export type SupportedTimezones =
   | 'Asia/Singapore'
   | 'Asia/Tokyo'
   | 'Asia/Seoul'
+  | 'Australia/Brisbane'
   | 'Australia/Sydney'
   | 'Pacific/Guam'
   | 'Pacific/Noumea'
@@ -64,6 +65,7 @@ export interface Config {
   auth: {
     users: UserAuthOperations;
     'partial-disable-local-strategies': PartialDisableLocalStrategyAuthOperations;
+    'disable-local-strategy-password': DisableLocalStrategyPasswordAuthOperations;
     'api-keys': ApiKeyAuthOperations;
     'public-users': PublicUserAuthOperations;
   };
@@ -71,6 +73,7 @@ export interface Config {
   collections: {
     users: User;
     'partial-disable-local-strategies': PartialDisableLocalStrategy;
+    'disable-local-strategy-password': DisableLocalStrategyPassword;
     'api-keys': ApiKey;
     'public-users': PublicUser;
     relationsCollection: RelationsCollection;
@@ -82,6 +85,7 @@ export interface Config {
   collectionsSelect: {
     users: UsersSelect<false> | UsersSelect<true>;
     'partial-disable-local-strategies': PartialDisableLocalStrategiesSelect<false> | PartialDisableLocalStrategiesSelect<true>;
+    'disable-local-strategy-password': DisableLocalStrategyPasswordSelect<false> | DisableLocalStrategyPasswordSelect<true>;
     'api-keys': ApiKeysSelect<false> | ApiKeysSelect<true>;
     'public-users': PublicUsersSelect<false> | PublicUsersSelect<true>;
     relationsCollection: RelationsCollectionSelect<false> | RelationsCollectionSelect<true>;
@@ -102,6 +106,9 @@ export interface Config {
     | (PartialDisableLocalStrategy & {
         collection: 'partial-disable-local-strategies';
       })
+    | (DisableLocalStrategyPassword & {
+        collection: 'disable-local-strategy-password';
+      })
     | (ApiKey & {
         collection: 'api-keys';
       })
@@ -149,6 +156,24 @@ export interface PartialDisableLocalStrategyAuthOperations {
     password: string;
   };
 }
+export interface DisableLocalStrategyPasswordAuthOperations {
+  forgotPassword: {
+    email: string;
+    password: string;
+  };
+  login: {
+    email: string;
+    password: string;
+  };
+  registerFirstUser: {
+    email: string;
+    password: string;
+  };
+  unlock: {
+    email: string;
+    password: string;
+  };
+}
 export interface ApiKeyAuthOperations {
   forgotPassword: {
     email: string;
@@ -242,6 +267,16 @@ export interface PartialDisableLocalStrategy {
   lockUntil?: string | null;
   password?: string | null;
 }
+/**
+ * This interface was referenced by `Config`'s JSON-Schema
+ * via the `definition` "disable-local-strategy-password".
+ */
+export interface DisableLocalStrategyPassword {
+  id: string;
+  password: string;
+  updatedAt: string;
+  createdAt: string;
+}
 /**
  * This interface was referenced by `Config`'s JSON-Schema
  * via the `definition` "api-keys".
@@ -299,6 +334,10 @@ export interface PayloadLockedDocument {
         relationTo: 'partial-disable-local-strategies';
         value: string | PartialDisableLocalStrategy;
       } | null)
+    | ({
+        relationTo: 'disable-local-strategy-password';
+        value: string | DisableLocalStrategyPassword;
+      } | null)
     | ({
         relationTo: 'api-keys';
         value: string | ApiKey;
@@ -321,6 +360,10 @@ export interface PayloadLockedDocument {
         relationTo: 'partial-disable-local-strategies';
         value: string | PartialDisableLocalStrategy;
       }
+    | {
+        relationTo: 'disable-local-strategy-password';
+        value: string | DisableLocalStrategyPassword;
+      }
     | {
         relationTo: 'api-keys';
         value: string | ApiKey;
@@ -347,6 +390,10 @@ export interface PayloadPreference {
         relationTo: 'partial-disable-local-strategies';
         value: string | PartialDisableLocalStrategy;
       }
+    | {
+        relationTo: 'disable-local-strategy-password';
+        value: string | DisableLocalStrategyPassword;
+      }
     | {
         relationTo: 'api-keys';
         value: string | ApiKey;
@@ -440,6 +487,15 @@ export interface PartialDisableLocalStrategiesSelect<T extends boolean = true> {
   loginAttempts?: T;
   lockUntil?: T;
 }
+/**
+ * This interface was referenced by `Config`'s JSON-Schema
+ * via the `definition` "disable-local-strategy-password_select".
+ */
+export interface DisableLocalStrategyPasswordSelect<T extends boolean = true> {
+  password?: T;
+  updatedAt?: T;
+  createdAt?: T;
+}
 /**
  * This interface was referenced by `Config`'s JSON-Schema
  * via the `definition` "api-keys_select".