diff --git a/config/config.default.php b/config/config.default.php index 5563ff22..b76b5857 100644 --- a/config/config.default.php +++ b/config/config.default.php @@ -249,8 +249,8 @@ return [ // The minimum length for passwords 'min_password_length' => env('PASSWORD_MINIMUM_LENGTH', 8), - // Whether the Password field should be enabled. - // If this is disabled, it means that no password can be set and the user will + // Whether the Password field should be enabled on registration. + // If this is disabled, it means that no password can be set on registration so the user will // not be able to log in unless linked to an oauth provider. 'enable_password' => (bool)env('ENABLE_PASSWORD', true), diff --git a/resources/lang/en_US/default.po b/resources/lang/en_US/default.po index f2407744..b1b5825f 100644 --- a/resources/lang/en_US/default.po +++ b/resources/lang/en_US/default.po @@ -21,6 +21,7 @@ msgstr "" #~ msgid "auth.no-password" #~ msgstr "Please enter a password." + msgid "auth.password.error" msgstr "Your password is incorrect. Please try it again." diff --git a/resources/views/pages/settings/password.twig b/resources/views/pages/settings/password.twig index 7d4ebcab..1902135d 100644 --- a/resources/views/pages/settings/password.twig +++ b/resources/views/pages/settings/password.twig @@ -11,12 +11,15 @@
{{ m.info(__('settings.password.info')) }} - {{ f.input( - 'password', - __('settings.password.password'), - 'password', - {'required': true} - ) }} + + {% if user.password %} + {{ f.input( + 'password', + __('settings.password.password'), + 'password', + {'required': true} + ) }} + {% endif %} {{ f.input( 'new_password', __('settings.password.new_password'), diff --git a/src/Controllers/SettingsController.php b/src/Controllers/SettingsController.php index 86b5d874..40447641 100644 --- a/src/Controllers/SettingsController.php +++ b/src/Controllers/SettingsController.php @@ -77,12 +77,12 @@ class SettingsController extends BaseController $minLength = config('min_password_length'); $data = $this->validate($request, [ - 'password' => 'required', + 'password' => 'required' . (empty($user->password) ? '|optional' : ''), 'new_password' => 'required|min:' . $minLength, - 'new_password2' => 'required' + 'new_password2' => 'required', ]); - if (!$this->auth->verifyPassword($user, $data['password'])) { + if (!empty($user->password) && !$this->auth->verifyPassword($user, $data['password'])) { $this->addNotification('auth.password.error', 'errors'); } elseif ($data['new_password'] != $data['new_password2']) { $this->addNotification('validation.password.confirmed', 'errors'); diff --git a/tests/Unit/Controllers/SettingsControllerTest.php b/tests/Unit/Controllers/SettingsControllerTest.php index c4e31b1e..0cb96840 100644 --- a/tests/Unit/Controllers/SettingsControllerTest.php +++ b/tests/Unit/Controllers/SettingsControllerTest.php 
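Review bot: In `savePassword`, the new guard `!empty($user->password) && !$this->auth->verifyPassword($user, $data['password'])` removes the only re-authentication step for accounts with no stored password, so anyone holding a live session for an OAuth-only account can attach a local password and keep access after that session ends. Consider requiring a fresh provider login before this branch, or at least logging the event and notifying the user when a first password is set. The hunk does not show `enable_password` being consulted; if an operator disabled passwords to force provider-only login, this path may still let users create local credentials, which should be confirmed. A comment such as `// No stored hash (OAuth-only account): current-password check is skipped, so the new password is set without re-authentication` would make the trade-off visible. The method starts and ends outside the hunk.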
@@ -99,6 +99,36 @@ class SettingsControllerTest extends TestCase
 $this->assertEquals('settings.password.success', $messages[0]);
 }

+ /**
+ * @covers \Engelsystem\Controllers\SettingsController::savePassword
+ */
+ public function testSavePasswordWhenEmpty()
+ {
+ $this->user->password = '';
+ $this->user->save();
+
+ $body = [
+ 'new_password' => 'anotherpassword',
+ 'new_password2' => 'anotherpassword'
+ ];
+ $this->request = $this->request->withParsedBody($body);
+
+ $this->setExpects($this->auth, 'user', null, $this->user, $this->once());
+ $this->setExpects($this->auth, 'setPassword', [$this->user, 'anotherpassword'], null, $this->once());
+ $this->setExpects(
+ $this->response,
+ 'redirectTo',
+ ['http://localhost/settings/password'],
+ $this->response,
+ $this->once()
+ );
+
+ /** @var SettingsController $controller */
+ $controller = $this->app->make(SettingsController::class);
+ $controller->setValidator(new Validator());
+ $controller->savePassword($this->request);
+ }
+
 /**
 * @covers \Engelsystem\Controllers\SettingsController::savePassword
 */
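Review bot: `testSavePasswordWhenEmpty` covers only the permissive path; nothing in this hunk checks that an account with a stored hash is still refused when the `password` field is left out of the request, which is the case the relaxed rule `'required' . (empty($user->password) ? '|optional' : '')` must not open. Add a companion test that keeps the user's password set, posts only `new_password` and `new_password2`, and expects `setPassword` with `$this->never()`, unless a test outside this hunk already does so. The new test also exercises only `''`; a second case with `null` would pin the `empty()` branch for accounts created without a password.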