Merge pull request #647 from DirectoryTree/BUG-645

Don't rehash passwords if password column is false
DirectoryTree · Apr 12, 2024 · 4c92ce8 · 4c92ce8
2 parents 42a3563 + b1ad38a
commit 4c92ce8
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/src/Auth/DatabaseUserProvider.php b/src/Auth/DatabaseUserProvider.php
@@ -206,6 +206,8 @@ public function validateCredentials(Authenticatable $user, array $credentials):
      */
     public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false): void
     {
-        $this->eloquent->rehashPasswordIfRequired($user, $credentials, $force);
+        if (($this->synchronizer->getConfig()['password_column'] ?? 'password') !== false) {
+            $this->eloquent->rehashPasswordIfRequired($user, $credentials, $force);
+        }
     }
 }
diff --git a/tests/Feature/DatabaseUserProviderTest.php b/tests/Feature/DatabaseUserProviderTest.php
@@ -159,4 +159,17 @@ public function test_failing_loudly_throws_exception_when_resolving_users()
 
         $provider->retrieveByCredentials([]);
     }
+
+    public function test_rehash_password_if_required_does_nothing_when_password_column_disabled()
+    {
+        $synchronizer = new UserSynchronizer(TestUserModelStub::class, [
+            'password_column' => false,
+        ]);
+
+        $provider = $this->createDatabaseUserProvider(synchronizer: $synchronizer);
+
+        $provider->rehashPasswordIfRequired($model = new TestUserModelStub, ['password' => 'secret']);
+
+        $this->assertNull($model->password);
+    }
 }