Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix user password handling in Admin CP

Browse source
This commit is contained in:
Dane Everitt 2018-02-07 21:13:40 -06:00
parent e49c739bde
commit dd54c5abb1
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
3 changed files with 24 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Controllers/Admin/UserController.php
View file

@ -161,7 +161,6 @@ class UserController extends Controller
* *
* @throws \Pterodactyl\Exceptions\Model\DataValidationException * @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
*/ */
public function update(UserFormRequest $request, User $user) public function update(UserFormRequest $request, User $user)
{ {

4
app/Services/Users/UserUpdateService.php
View file

@ -58,8 +58,10 @@ class UserUpdateService
*/ */
public function handle(User $user, array $data): Collection public function handle(User $user, array $data): Collection
{ {
if (array_has($data, 'password')) { if (! empty(array_get($data, 'password'))) {
$data['password'] = $this->hasher->make($data['password']); $data['password'] = $this->hasher->make($data['password']);
} else {
unset($data['password']);
} }
if ($this->isUserLevel(User::USER_LEVEL_ADMIN)) { if ($this->isUserLevel(User::USER_LEVEL_ADMIN)) {

24
tests/Unit/Services/Users/UserUpdateServiceTest.php
View file

@ -41,20 +41,38 @@ class UserUpdateServiceTest extends TestCase
} }
/** /**
* Test that the handle function does not attempt to hash a password if no password is passed. * Test that the handle function does not attempt to hash a password if no
* password is provided or the password is null.
*
* @dataProvider badPasswordDataProvider
*/ */
public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed() public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed(array $data)
{ {
$user = factory(User::class)->make(); $user = factory(User::class)->make();
$this->revocationService->shouldReceive('getExceptions')->withNoArgs()->once()->andReturn([]); $this->revocationService->shouldReceive('getExceptions')->withNoArgs()->once()->andReturn([]);
$this->repository->shouldReceive('update')->with($user->id, ['test-data' => 'value'])->once()->andReturnNull(); $this->repository->shouldReceive('update')->with($user->id, ['test-data' => 'value'])->once()->andReturnNull();
$response = $this->getService()->handle($user, ['test-data' => 'value']); $response = $this->getService()->handle($user, $data);
$this->assertInstanceOf(Collection::class, $response); $this->assertInstanceOf(Collection::class, $response);
$this->assertTrue($response->has('model')); $this->assertTrue($response->has('model'));
$this->assertTrue($response->has('exceptions')); $this->assertTrue($response->has('exceptions'));
} }
/**
* Provide a test data set with passwords that should not be hashed.
*
* @return array
*/
public function badPasswordDataProvider(): array
{
return [
[['test-data' => 'value']],
[['test-data' => 'value', 'password' => null]],
[['test-data' => 'value', 'password' => '']],
[['test-data' => 'value', 'password' => 0]],
];
}
/** /**
* Test that the handle function hashes a password if passed in the data array. * Test that the handle function hashes a password if passed in the data array.
*/ */