savannabits / jig

Readily Configured Starter Template to quickly setup Jetstream Inertia Generator
https://github.com/coolsam726/jetstream-inertia-generator

create and edit users are not encrypting password #14

Open mquevedob opened 2 years ago

mquevedob commented 2 years ago

I was just testing the create and edit user forms and I noticed they both assign an unencrypted password in the users table.

Should this be fixed in the controller? Or in the Edit or Create forms before the Controller?

mquevedob commented 2 years ago

The Edit form is not updating the password either, and I noticed the create form does not include the roles to select.

mquevedob commented 2 years ago

Actually, the password form parameter is not passed to the controller.

coolsam726 commented 2 years ago

@mquevedob I noticed these discrepancies. You can actually help me out by making a pull request to apply the fix. I already have the code that will solve that. Two steps to fix this:

  1. Add password and password_confirmation to the frontend form
  2. In Repositories\Users::store() function, check conditionally if the password is set and Hash it before storing it.

Here is the code:

Frontend:

```vue
<!-- resources/js/Pages/Users/CreateForm.vue -->
<div class="sm:col-span-4">
    <jet-label for="password" value="Password" />
    <jet-input type="password" id="password" name="password" v-model="form.password"
               :class="{'border-red-500 sm:focus:border-red-300 sm:focus:ring-red-100': form.errors.password}"
    ></jet-input>
    <jet-input-error :message="form.errors.password" class="mt-2" />
</div>
<div class="sm:col-span-4">
    <jet-label for="password_confirmation" value="Repeat Password" />
    <jet-input type="password" id="password_confirmation" name="password_confirmation" v-model="form.password_confirmation"
               :class="{'border-red-500 sm:focus:border-red-300 sm:focus:ring-red-100': form.errors.password_confirmation}"
    ></jet-input>
</div>

<script>
export default {
    // ...the component's other options stay as they are
    data() {
        return {
            form: useForm({
                name: null,
                email: null,
                password: null, // <-- Include this
                password_confirmation: null, // <-- Include this
                profile_photo_path: null,
                two_factor_secret: null,
                two_factor_recovery_codes: null,
                email_verified_at: null,
                current_team_id: null,
            }, {remember: false}),
        }
    },
}
</script>
```

Backend Code

```php
// app/Repositories/Users.php

public static function store(object $data): User
{
    $model = new User((array) $data);
    // Save Password
    if (optional($data)->password) {
        $model->password = \Hash::make($data->password);
    }
    $model->saveOrFail();
    return $model;
}
```

mquevedob commented 2 years ago

I would like to help you. I just don't know how to create a pull request... Should I create a new branch for this?

mquevedob commented 2 years ago

Also, I noticed the repo Users.php already hashes the password:

```php
public function update(object $data): User
{
    $this->model->update((array) $data);

    // Save Relationships

    if (isset($data->password) && $data->password) {
        $this->model->password = \Hash::make($data->password);
    }
    $this->model->saveOrFail();
    return $this->model;
}
```

The problem, I think, is that the password is not being validated and thus not being processed by the controller or repo.

mquevedob commented 2 years ago

Also, the createForm is OK; it is the editForm that does not send the password to the controller.
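
The conditional-hash step discussed in this thread, together with a check for rows that were saved before the fix, as an added example that is not code from jig or from any commenter. It assumes plain PHP with the native `password_hash()` in place of Laravel's `Hash` facade so it runs without the framework; the function names `userAttributesForStorage` and `isStoredInPlaintext` and the sample form values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of jig: builds the attributes to persist.
// Plaintext never leaves this function; a blank password on edit keeps the old hash.
function userAttributesForStorage(array $input, bool $creating): array
{
    // Whitelist ordinary fields; the password is handled separately below.
    $attrs = array_intersect_key($input, array_flip(['name', 'email']));
    $password = (string) ($input['password'] ?? '');

    if ($password === '') {
        if ($creating) {
            throw new InvalidArgumentException('password is required on create');
        }
        return $attrs; // edit form left the field blank: hash stays as stored
    }
    if ($password !== ($input['password_confirmation'] ?? null)) {
        throw new InvalidArgumentException('password confirmation mismatch');
    }
    $attrs['password'] = password_hash($password, PASSWORD_BCRYPT);
    return $attrs;
}

// Audit check for rows written before the fix: true when the stored value
// is not in a format that password_hash() produces.
function isStoredInPlaintext(string $stored): bool
{
    return password_get_info($stored)['algoName'] === 'unknown';
}

// Constructed sample input mirroring the form fields discussed in the thread.
$form = ['name' => 'Ann', 'email' => 'ann@example.test',
         'password' => 'correct horse', 'password_confirmation' => 'correct horse',
         'two_factor_secret' => 'dropped by the whitelist'];

// Create: the stored value is a bcrypt hash that verifies against the input.
$row = userAttributesForStorage($form, true);
var_dump(isStoredInPlaintext($row['password']));
var_dump(password_verify('correct horse', $row['password']));

// Edit with the password field left empty: no password key, so no overwrite.
$edit = userAttributesForStorage(['name' => 'Ann B', 'password' => ''], false);
var_dump(array_key_exists('password', $edit));

// A legacy row holding the raw password is flagged, e.g. for a forced reset.
var_dump(isStoredInPlaintext('correct horse'));
```

Rows flagged by `isStoredInPlaintext` hold credentials that were written in the clear, so they call for a password reset rather than hashing in place.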