Merge pull request #60 from issh1989/patch-1

Fix: Prevent Override User Password if the Field is Empty
5 years ago · ece413e0d3
2 changed files with 27 additions and 2 deletions
--- a/app/Http/Requests/Users/UpdateRequest.php
+++ b/app/Http/Requests/Users/UpdateRequest.php
@ -68,6 +68,8 @@ class UpdateRequest extends FormRequest

        if ($formData['password']) {
            $formData['password'] = bcrypt($formData['password']);
+        } else {
+            unset($formData['password']);
        }

        return $formData;
--- a/tests/Feature/UsersProfileTest.php
+++ b/tests/Feature/UsersProfileTest.php
@ -2,10 +2,10 @@

 namespace Tests\Feature;

-use Storage;
 use App\User;
-use Tests\TestCase;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Storage;
+use Tests\TestCase;

 class UsersProfileTest extends TestCase
 {
@ -96,6 +96,29 @@ class UsersProfileTest extends TestCase
    }

    /** @test */
+    public function empty_password_does_not_replace_existing()
+    {
+        $manager = $this->loginAsUser();
+        $user = factory(User::class)->create([
+            'manager_id' => $manager->id,
+            'password'   => 'some random string password',
+        ]);
+        $this->visit(route('users.edit', $user->id));
+        $this->seePageIs(route('users.edit', $user->id));
+
+        $this->submitForm(trans('app.update'), [
+            'email'    => 'user@mail.com',
+            'password' => '',
+        ]);
+
+        $this->seeInDatabase('users', [
+            'id'         => $user->id,
+            'manager_id' => $manager->id,
+            'password'   => 'some random string password',
+        ]);
+    }
+
+    /** @test */
    public function user_can_upload_their_own_photo()
    {
        Storage::fake(config('filesystems.default'));