From f6ff1eddcef814c1aaa7d4ce8c7c08b1ff0f0af5 Mon Sep 17 00:00:00 2001
From: Bohdan
Date: Thu, 21 May 2026 23:09:59 +0300
Subject: [PATCH] fix(auth): allow google-only accounts to use forgot password
---
 .../src/controllers/auth/passwordResetHandlers.ts | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/apps/backend/src/controllers/auth/passwordResetHandlers.ts b/apps/backend/src/controllers/auth/passwordResetHandlers.ts
index 4c530d9..8c106ec 100644
--- a/apps/backend/src/controllers/auth/passwordResetHandlers.ts
+++ b/apps/backend/src/controllers/auth/passwordResetHandlers.ts
@@ -28,18 +28,12 @@ export const forgotPassword = async (req: Request, res: Response) => {
 const user = await prisma.user.findUnique({ where: { email } });

 // Always 200 — never reveal whether email is registered.
+ // Google-only accounts can also use this flow to set their first local password;
+ // resetPassword upserts the local identity on the way through.
 if (!user || !user.emailVerified) {
 return res.status(200).json(GENERIC_OK);
 }

- // Google-only accounts have no local identity — they cannot reset a password.
- const localIdentity = await prisma.authIdentity.findFirst({
- where: { userId: user.id, provider: "local" },
- });
- if (!localIdentity) {
- return res.status(200).json(GENERIC_OK);
- }
-
 const { rawToken } = await createEmailToken(
 user.id,
 "reset_password",
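Review bot: With the `localIdentity` check removed, the `emailVerified` guard is the only thing between a reset e-mail and a first password on an account that so far could only be entered through Google, so control of the mailbox now suffices to add a new credential to it. Nothing in this hunk shows the owner being told when that happens; `resetPassword` is outside the hunk, so whether it notifies, audits or revokes existing sessions when the upsert creates rather than updates the local identity cannot be confirmed here. I would record that requirement next to the new comment, e.g. `// Security: creating the first local identity adds a sign-in method — resetPassword must notify the user and write an audit event when it does.` It is also worth confirming that `emailVerified` on Google-provisioned users is only ever set from Google's verified-email claim, since that flag now gates the whole path. The body of `forgotPassword` starts and ends outside the hunk.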