From dd54c5abb1c2603f6812d6d9c9761f1460a5f053 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Wed, 7 Feb 2018 21:13:40 -0600 Subject: [PATCH] Fix user password handling in Admin CP --- app/Http/Controllers/Admin/UserController.php | 1 - app/Services/Users/UserUpdateService.php | 4 +++- .../Services/Users/UserUpdateServiceTest.php | 24 ++++++++++++++++--- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php index 5656ae124..e0474fa5b 100644 --- a/app/Http/Controllers/Admin/UserController.php +++ b/app/Http/Controllers/Admin/UserController.php @@ -161,7 +161,6 @@ class UserController extends Controller * * @throws \Pterodactyl\Exceptions\Model\DataValidationException * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException */ public function update(UserFormRequest $request, User $user) { diff --git a/app/Services/Users/UserUpdateService.php b/app/Services/Users/UserUpdateService.php index 1a767ae1a..440ab57ce 100644 --- a/app/Services/Users/UserUpdateService.php +++ b/app/Services/Users/UserUpdateService.php @@ -58,8 +58,10 @@ class UserUpdateService */ public function handle(User $user, array $data): Collection { - if (array_has($data, 'password')) { + if (! empty(array_get($data, 'password'))) { $data['password'] = $this->hasher->make($data['password']); + } else { + unset($data['password']); } if ($this->isUserLevel(User::USER_LEVEL_ADMIN)) { diff --git a/tests/Unit/Services/Users/UserUpdateServiceTest.php b/tests/Unit/Services/Users/UserUpdateServiceTest.php index 9d794c69f..a686abefa 100644 --- a/tests/Unit/Services/Users/UserUpdateServiceTest.php +++ b/tests/Unit/Services/Users/UserUpdateServiceTest.php @@ -41,20 +41,38 @@ class UserUpdateServiceTest extends TestCase } /** - * Test that the handle function does not attempt to hash a password if no password is passed. + * Test that the handle function does not attempt to hash a password if no + * password is provided or the password is null. + * + * @dataProvider badPasswordDataProvider */ - public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed() + public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed(array $data) { $user = factory(User::class)->make(); $this->revocationService->shouldReceive('getExceptions')->withNoArgs()->once()->andReturn([]); $this->repository->shouldReceive('update')->with($user->id, ['test-data' => 'value'])->once()->andReturnNull(); - $response = $this->getService()->handle($user, ['test-data' => 'value']); + $response = $this->getService()->handle($user, $data); $this->assertInstanceOf(Collection::class, $response); $this->assertTrue($response->has('model')); $this->assertTrue($response->has('exceptions')); } + /** + * Provide a test data set with passwords that should not be hashed. + * + * @return array + */ + public function badPasswordDataProvider(): array + { + return [ + [['test-data' => 'value']], + [['test-data' => 'value', 'password' => null]], + [['test-data' => 'value', 'password' => '']], + [['test-data' => 'value', 'password' => 0]], + ]; + } + /** * Test that the handle function hashes a password if passed in the data array. */