Fix user password handling in Admin CP

2018-02-07 21:13:40 -06:00 · 2018-02-07 21:13:40 -06:00 · dd54c5abb1
commit dd54c5abb1
parent e49c739bde
3 changed files with 24 additions and 5 deletions
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -161,7 +161,6 @@ class UserController extends Controller
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
-     * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
     */
    public function update(UserFormRequest $request, User $user)
    {
--- a/app/Services/Users/UserUpdateService.php
+++ b/app/Services/Users/UserUpdateService.php
@ -58,8 +58,10 @@ class UserUpdateService
     */
    public function handle(User $user, array $data): Collection
    {
-        if (array_has($data, 'password')) {
+        if (! empty(array_get($data, 'password'))) {
            $data['password'] = $this->hasher->make($data['password']);
+        } else {
+            unset($data['password']);
        }

        if ($this->isUserLevel(User::USER_LEVEL_ADMIN)) {
--- a/tests/Unit/Services/Users/UserUpdateServiceTest.php
+++ b/tests/Unit/Services/Users/UserUpdateServiceTest.php
@ -41,20 +41,38 @@ class UserUpdateServiceTest extends TestCase
    }

    /**
-     * Test that the handle function does not attempt to hash a password if no password is passed.
+     * Test that the handle function does not attempt to hash a password if no
+     * password is provided or the password is null.
+     *
+     * @dataProvider badPasswordDataProvider
     */
-    public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed()
+    public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed(array $data)
    {
        $user = factory(User::class)->make();
        $this->revocationService->shouldReceive('getExceptions')->withNoArgs()->once()->andReturn([]);
        $this->repository->shouldReceive('update')->with($user->id, ['test-data' => 'value'])->once()->andReturnNull();

-        $response = $this->getService()->handle($user, ['test-data' => 'value']);
+        $response = $this->getService()->handle($user, $data);
        $this->assertInstanceOf(Collection::class, $response);
        $this->assertTrue($response->has('model'));
        $this->assertTrue($response->has('exceptions'));
    }

+    /**
+     * Provide a test data set with passwords that should not be hashed.
+     *
+     * @return array
+     */
+    public function badPasswordDataProvider(): array
+    {
+        return [
+            [['test-data' => 'value']],
+            [['test-data' => 'value', 'password' => null]],
+            [['test-data' => 'value', 'password' => '']],
+            [['test-data' => 'value', 'password' => 0]],
+        ];
+    }
+
    /**
     * Test that the handle function hashes a password if passed in the data array.
     */