don't clear AuthService/AuthData if user is System Admin (#12986)

api4/user.go

@@ -86,7 +86,7 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user.SanitizeInput()
+	user.SanitizeInput(c.IsSystemAdmin())
 
 	tokenId := r.URL.Query().Get("t")
 	inviteId := r.URL.Query().Get("iid")

api4/user_test.go

@@ -110,10 +110,15 @@ func TestCreateUserInputFilter(t *testing.T) {
 			_, resp := th.SystemAdminClient.CreateUser(user)
 			CheckBadRequestStatus(t, resp)
 		})
-
-		t.Run("AuthServiceFilter", func(t *testing.T) {
-			user := &model.User{Email: "foobar+testdomainrestriction@mattermost.org", Password: "Password1", Username: GenerateTestUsername(), AuthService: "ldap"}
+		t.Run("ValidAuthServiceFilter", func(t *testing.T) {
+			user := &model.User{Email: "foobar+testdomainrestriction@mattermost.org", Username: GenerateTestUsername(), AuthService: "ldap", AuthData: model.NewString("999099")}
 			_, resp := th.SystemAdminClient.CreateUser(user)
+			CheckNoError(t, resp)
+		})
+
+		t.Run("InvalidAuthServiceFilter", func(t *testing.T) {
+			user := &model.User{Email: "foobar+testdomainrestriction@mattermost.org", Password: "Password1", Username: GenerateTestUsername(), AuthService: "ldap"}
+			_, resp := th.Client.CreateUser(user)
 			CheckBadRequestStatus(t, resp)
 		})
 	})

model/user.go

@@ -497,9 +497,11 @@ func (u *User) Sanitize(options map[string]bool) {
 }
 
 // Remove any input data from the user object that is not user controlled
-func (u *User) SanitizeInput() {
-	u.AuthData = NewString("")
-	u.AuthService = ""
+func (u *User) SanitizeInput(isAdmin bool) {
+	if !isAdmin {
+		u.AuthData = NewString("")
+		u.AuthService = ""
+	}
 	u.LastPasswordUpdate = 0
 	u.LastPictureUpdate = 0
 	u.FailedAttempts = 0