From cc712970f7cade998564d4249a12a0c15ad0d2cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=A8=20Audrey=20=E2=9C=A8?= <audrey@audreyality.com>
Date: Thu, 26 Jun 2025 16:56:14 -0400
Subject: [PATCH] normalize authentication field evaluation order

---
 src/Api/Tools/Models/Request/SendRequestModel.cs | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/Api/Tools/Models/Request/SendRequestModel.cs b/src/Api/Tools/Models/Request/SendRequestModel.cs
index b8057571ab..941fa14cfa 100644
--- a/src/Api/Tools/Models/Request/SendRequestModel.cs
+++ b/src/Api/Tools/Models/Request/SendRequestModel.cs
@@ -217,19 +217,23 @@ public class SendRequestModel
         existingSend.ExpirationDate = ExpirationDate;
         existingSend.DeletionDate = DeletionDate.Value;
         existingSend.MaxAccessCount = MaxAccessCount;
-        if (!string.IsNullOrWhiteSpace(Password))
-        {
-            existingSend.Password = authorizationService.HashPassword(Password);
-        }
-        else if (!string.IsNullOrWhiteSpace(Emails))
+
+        if (!string.IsNullOrWhiteSpace(Emails))
         {
             // normalize encoding
             var emails = Emails.Split(',', RemoveEmptyEntries | TrimEntries);
             existingSend.Emails = string.Join(", ", emails);
+            existingSend.Password = null;
+        }
+        else if (!string.IsNullOrWhiteSpace(Password))
+        {
+            existingSend.Password = authorizationService.HashPassword(Password);
+            existingSend.Emails = null;
         }
 
         existingSend.Disabled = Disabled.GetValueOrDefault();
         existingSend.HideEmail = HideEmail.GetValueOrDefault();
+
         return existingSend;
     }