From 345938af19ccbbecb021a9ba98a8243aed0929dd Mon Sep 17 00:00:00 2001
From: Esmail Alshikh
Date: Wed, 9 Sep 2020 00:53:46 +0300
Subject: [PATCH 1/2] unset password attribute if null
To prevent remove the password from database row.
---
 app/Http/Requests/Users/UpdateRequest.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/Http/Requests/Users/UpdateRequest.php b/app/Http/Requests/Users/UpdateRequest.php
index 289f09e..0e9e3b4 100644
--- a/app/Http/Requests/Users/UpdateRequest.php
+++ b/app/Http/Requests/Users/UpdateRequest.php
@@ -68,6 +68,8 @@ class UpdateRequest extends FormRequest
 if ($formData['password']) {
 $formData['password'] = bcrypt($formData['password']);
+ } else {
+ unset($formData['password']);
 }
 return $formData;
From d9fe87b1c16b850ab7b9db3ffb88f1b20cc33e6d Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Sun, 20 Sep 2020 10:49:29 +0800
Subject: [PATCH 2/2] Add a test to make sure existing password does not replaced
---
 tests/Feature/UsersProfileTest.php | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/tests/Feature/UsersProfileTest.php b/tests/Feature/UsersProfileTest.php
index 76f43dc..4cd0c4f 100644
--- a/tests/Feature/UsersProfileTest.php
+++ b/tests/Feature/UsersProfileTest.php
@@ -2,10 +2,10 @@
 namespace Tests\Feature;
-use Storage;
 use App\User;
-use Tests\TestCase;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Storage;
+use Tests\TestCase;
 class UsersProfileTest extends TestCase
 {
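Review bot: The truthiness test `if ($formData['password'])` in `UpdateRequest.php` now decides between hashing the field and dropping it, and PHP treats the string `'0'` as falsy, so that value would be silently discarded by the new `else` branch instead of being hashed or rejected. An explicit check such as `if (isset($formData['password']) && $formData['password'] !== '') {` keeps the null/empty case this commit targets and nothing else, and it also avoids an undefined-index notice if the key is ever absent. The validation rules are not visible in this hunk, so a minimum-length rule may already exclude that input. The enclosing method starts and ends outside the hunk.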
@@ -96,6 +96,29 @@ class UsersProfileTest extends TestCase
 }
 /** @test */
+ public function empty_password_does_not_replace_existing()
+ {
+ $manager = $this->loginAsUser();
+ $user = factory(User::class)->create([
+ 'manager_id' => $manager->id,
+ 'password' => 'some random string password',
+ ]);
+ $this->visit(route('users.edit', $user->id));
+ $this->seePageIs(route('users.edit', $user->id));
+
+ $this->submitForm(trans('app.update'), [
+ 'email' => 'user@mail.com',
+ 'password' => '',
+ ]);
+
+ $this->seeInDatabase('users', [
+ 'id' => $user->id,
+ 'manager_id' => $manager->id,
+ 'password' => 'some random string password',
+ ]);
+ }
+
+ /** @test */
 public function user_can_upload_their_own_photo()
 {
 Storage::fake(config('filesystems.default'));
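Review bot: The final `seeInDatabase` assertion in `empty_password_does_not_replace_existing` would also pass if the update never ran at all, for example if the submit were rejected by validation and redirected back, because it checks only columns the test itself created. Adding the changed field to the expected row, `'email' => 'user@mail.com',`, shows that the request was persisted while the password column stayed untouched. The stored password here is a plain string rather than a hash, which is fine for an equality check. A companion case asserting that a non-empty password ends up hashed would cover the other branch in `UpdateRequest`, if one does not already exist elsewhere in this file.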