Do not update password when no new password is provided

app/Http/Controllers/UserController.php

@@ -52,7 +52,12 @@ class UserController extends Controller
     {
         $input = $request->validated();
         $input['remember_token'] = Str::random(10);
-        $input['password'] = Hash::make($input['password']);
+        if (!empty($input['password'])) {
+            $input['password'] = Hash::make($input['password']);
+        }
+        else {
+            unset($input['password']);
+        }
         $input['admin'] = $input['admin'] ?? false;
 
         $user->fill($input)->save();

tests/Feature/Http/Controllers/UserControllerTest.php

@@ -67,6 +67,27 @@ class UserControllerTest extends HttpControllerTestCase
         $response->assertSessionHasNoErrors();
     }
 
+    public function testCanChangeUserPassword(): void {
+        $user = $this->createInstance();
+        $user->password = 'password1';
+        $user->save();
+
+        $input = $user->toArray();
+        $input['password'] = 'password2';
+        $input['password_confirmation'] = 'password2';
+
+        $put_url = action([$this->class(), 'update'], [$this->routeKey() => $user]);
+        $response = $this->put($put_url, $input);
+        $response->assertSessionHasNoErrors();
+
+        $user->refresh();
+        $this->logout();
+        $response = $this-> post('/login', ['username' => $user->username, 'password' => 'password1']);
+        $response->assertSessionHasErrors();
+        $this->post('/login', ['username' => $user->username, 'password' => 'password2']);
+        $this->assertAuthenticatedAs($user);
+    }
+
     public function testCanNotDeleteSelf(): void {
         $user = User::first();
         $edit_url = action([$this->class(), 'delete'], [$this->routeKey() => $user]);