Corrects validation logic for static password check

cmd/dex/config.go

@@ -99,12 +99,11 @@ func (p *password) UnmarshalJSON(b []byte) error {
 		Username: data.Username,
 		UserID:   data.UserID,
 	})
-	if len(data.Hash) == 0 {
-		if len(data.HashFromEnv) > 0 {
+	if len(data.Hash) == 0 && len(data.HashFromEnv) > 0 {
 		data.Hash = os.Getenv(data.HashFromEnv)
-		} else {
-			return fmt.Errorf("no password hash provided")
 	}
+	if len(data.Hash) == 0 {
+		return fmt.Errorf("no password hash provided")
 	}
 
 	// If this value is a valid bcrypt, use it.