diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 7fe878d..0bc7c0e 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -52,7 +52,12 @@ class UserController extends Controller { $input = $request->validated(); $input['remember_token'] = Str::random(10); - $input['password'] = Hash::make($input['password']); + if (!empty($input['password'])) { + $input['password'] = Hash::make($input['password']); + } + else { + unset($input['password']); + } $input['admin'] = $input['admin'] ?? false; $user->fill($input)->save(); diff --git a/tests/Feature/Http/Controllers/UserControllerTest.php b/tests/Feature/Http/Controllers/UserControllerTest.php index 9d05add..9a9290e 100644 --- a/tests/Feature/Http/Controllers/UserControllerTest.php +++ b/tests/Feature/Http/Controllers/UserControllerTest.php @@ -67,6 +67,27 @@ class UserControllerTest extends HttpControllerTestCase $response->assertSessionHasNoErrors(); } + public function testCanChangeUserPassword(): void { + $user = $this->createInstance(); + $user->password = 'password1'; + $user->save(); + + $input = $user->toArray(); + $input['password'] = 'password2'; + $input['password_confirmation'] = 'password2'; + + $put_url = action([$this->class(), 'update'], [$this->routeKey() => $user]); + $response = $this->put($put_url, $input); + $response->assertSessionHasNoErrors(); + + $user->refresh(); + $this->logout(); + $response = $this-> post('/login', ['username' => $user->username, 'password' => 'password1']); + $response->assertSessionHasErrors(); + $this->post('/login', ['username' => $user->username, 'password' => 'password2']); + $this->assertAuthenticatedAs($user); + } + public function testCanNotDeleteSelf(): void { $user = User::first(); $edit_url = action([$this->class(), 'delete'], [$this->routeKey() => $user]);