mirror of https://github.com/pterodactyl/panel.git synced 2024-10-27 12:22:28 +01:00

Fix user password handling in Admin CP

Dane Everitt 2018-02-07 21:13:40 -06:00
parent e49c739bde
commit dd54c5abb1
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
3 changed files with 24 additions and 5 deletions


@ -161,7 +161,6 @@ class UserController extends Controller
* *
* @throws \Pterodactyl\Exceptions\Model\DataValidationException * @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
*/ */
public function update(UserFormRequest $request, User $user) public function update(UserFormRequest $request, User $user)
{ {


@ -58,8 +58,10 @@ class UserUpdateService
*/ */
public function handle(User $user, array $data): Collection public function handle(User $user, array $data): Collection
{ {
if (array_has($data, 'password')) { if (! empty(array_get($data, 'password'))) {
$data['password'] = $this->hasher->make($data['password']); $data['password'] = $this->hasher->make($data['password']);
} else {
unset($data['password']);
} }
if ($this->isUserLevel(User::USER_LEVEL_ADMIN)) { if ($this->isUserLevel(User::USER_LEVEL_ADMIN)) {
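Review bot: In `handle()`, `! empty(array_get($data, 'password'))` relies on PHP truthiness, so the string `'0'` counts as "no password" and is dropped by the new `else` branch; the update then goes through with the old hash still in place and nothing reported to the caller. For an admin resetting a credential that silent no-op is worth avoiding: an explicit test such as `$password = array_get($data, 'password');` followed by `if (is_string($password) && $password !== '') {` still skips the null, empty-string and integer cases, and also keeps a non-string value away from `$this->hasher->make()`. Whether `UserFormRequest` already rejects such values (string type, minimum length) is not visible here, so this may only be defence in depth. `badPasswordDataProvider` in the UserUpdateServiceTest section has no `'password' => '0'` case, so the current behaviour for that input is untested either way. The body of `handle()` continues past the end of this hunk.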


@ -41,20 +41,38 @@ class UserUpdateServiceTest extends TestCase
} }
/** /**
* Test that the handle function does not attempt to hash a password if no password is passed. * Test that the handle function does not attempt to hash a password if no
* password is provided or the password is null.
*
* @dataProvider badPasswordDataProvider
*/ */
public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed() public function testUpdateUserWithoutTouchingHasherIfNoPasswordPassed(array $data)
{ {
$user = factory(User::class)->make(); $user = factory(User::class)->make();
$this->revocationService->shouldReceive('getExceptions')->withNoArgs()->once()->andReturn([]); $this->revocationService->shouldReceive('getExceptions')->withNoArgs()->once()->andReturn([]);
$this->repository->shouldReceive('update')->with($user->id, ['test-data' => 'value'])->once()->andReturnNull(); $this->repository->shouldReceive('update')->with($user->id, ['test-data' => 'value'])->once()->andReturnNull();
$response = $this->getService()->handle($user, ['test-data' => 'value']); $response = $this->getService()->handle($user, $data);
$this->assertInstanceOf(Collection::class, $response); $this->assertInstanceOf(Collection::class, $response);
$this->assertTrue($response->has('model')); $this->assertTrue($response->has('model'));
$this->assertTrue($response->has('exceptions')); $this->assertTrue($response->has('exceptions'));
} }
/**
* Provide a test data set with passwords that should not be hashed.
*
* @return array
*/
public function badPasswordDataProvider(): array
{
return [
[['test-data' => 'value']],
[['test-data' => 'value', 'password' => null]],
[['test-data' => 'value', 'password' => '']],
[['test-data' => 'value', 'password' => 0]],
];
}
/** /**
* Test that the handle function hashes a password if passed in the data array. * Test that the handle function hashes a password if passed in the data array.
*/ */