From 8fd2d5bfa59831a6b5b68a72acd4dcd064fe5b67 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Thu, 9 Dec 2021 23:39:46 +0100
Subject: [PATCH] Allow empty password in settings

---
 config/config.default.php                     |  4 +--
 resources/lang/en_US/default.po               |  1 +
 resources/views/pages/settings/password.twig  | 15 ++++++----
 src/Controllers/SettingsController.php        |  6 ++--
 .../Controllers/SettingsControllerTest.php    | 30 +++++++++++++++++++
 5 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/config/config.default.php b/config/config.default.php
index 5563ff22..b76b5857 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -249,8 +249,8 @@ return [
     // The minimum length for passwords
     'min_password_length'     => env('PASSWORD_MINIMUM_LENGTH', 8),
 
-    // Whether the Password field should be enabled.
-    // If this is disabled, it means that no password can be set and the user will
+    // Whether the Password field should be enabled on registration.
+    // If this is disabled, it means that no password can be set on registration so the user will
     // not be able to log in unless linked to an oauth provider.
     'enable_password'         => (bool)env('ENABLE_PASSWORD', true),
 
diff --git a/resources/lang/en_US/default.po b/resources/lang/en_US/default.po
index f2407744..b1b5825f 100644
--- a/resources/lang/en_US/default.po
+++ b/resources/lang/en_US/default.po
@@ -21,6 +21,7 @@ msgstr ""
 
 #~ msgid "auth.no-password"
 #~ msgstr "Please enter a password."
+
 msgid "auth.password.error"
 msgstr "Your password is incorrect. Please try it again."
 
diff --git a/resources/views/pages/settings/password.twig b/resources/views/pages/settings/password.twig
index 7d4ebcab..1902135d 100644
--- a/resources/views/pages/settings/password.twig
+++ b/resources/views/pages/settings/password.twig
@@ -11,12 +11,15 @@
             <div class="row">
                 <div class="col-md-12">
                     {{ m.info(__('settings.password.info')) }}
-                    {{ f.input(
-                        'password',
-                        __('settings.password.password'),
-                        'password',
-                        {'required': true}
-                    ) }}
+
+                    {% if user.password %}
+                        {{ f.input(
+                            'password',
+                            __('settings.password.password'),
+                            'password',
+                            {'required': true}
+                        ) }}
+                    {% endif %}
                     {{ f.input(
                         'new_password',
                         __('settings.password.new_password'),
diff --git a/src/Controllers/SettingsController.php b/src/Controllers/SettingsController.php
index 86b5d874..40447641 100644
--- a/src/Controllers/SettingsController.php
+++ b/src/Controllers/SettingsController.php
@@ -77,12 +77,12 @@ class SettingsController extends BaseController
 
         $minLength = config('min_password_length');
         $data = $this->validate($request, [
-            'password'      => 'required',
+            'password'      => 'required' . (empty($user->password) ? '|optional' : ''),
             'new_password'  => 'required|min:' . $minLength,
-            'new_password2' => 'required'
+            'new_password2' => 'required',
         ]);
 
-        if (!$this->auth->verifyPassword($user, $data['password'])) {
+        if (!empty($user->password) && !$this->auth->verifyPassword($user, $data['password'])) {
             $this->addNotification('auth.password.error', 'errors');
         } elseif ($data['new_password'] != $data['new_password2']) {
             $this->addNotification('validation.password.confirmed', 'errors');
diff --git a/tests/Unit/Controllers/SettingsControllerTest.php b/tests/Unit/Controllers/SettingsControllerTest.php
index c4e31b1e..0cb96840 100644
--- a/tests/Unit/Controllers/SettingsControllerTest.php
+++ b/tests/Unit/Controllers/SettingsControllerTest.php
@@ -99,6 +99,36 @@ class SettingsControllerTest extends TestCase
         $this->assertEquals('settings.password.success', $messages[0]);
     }
 
+    /**
+     * @covers \Engelsystem\Controllers\SettingsController::savePassword
+     */
+    public function testSavePasswordWhenEmpty()
+    {
+        $this->user->password = '';
+        $this->user->save();
+
+        $body = [
+            'new_password'  => 'anotherpassword',
+            'new_password2' => 'anotherpassword'
+        ];
+        $this->request = $this->request->withParsedBody($body);
+
+        $this->setExpects($this->auth, 'user', null, $this->user, $this->once());
+        $this->setExpects($this->auth, 'setPassword', [$this->user, 'anotherpassword'], null, $this->once());
+        $this->setExpects(
+            $this->response,
+            'redirectTo',
+            ['http://localhost/settings/password'],
+            $this->response,
+            $this->once()
+        );
+
+        /** @var SettingsController $controller */
+        $controller = $this->app->make(SettingsController::class);
+        $controller->setValidator(new Validator());
+        $controller->savePassword($this->request);
+    }
+
     /**
      * @covers \Engelsystem\Controllers\SettingsController::savePassword
      */