Allow empty password in settings

config/config.default.php

@@ -249,8 +249,8 @@ return [
     // The minimum length for passwords
     'min_password_length'     => env('PASSWORD_MINIMUM_LENGTH', 8),
 
-    // Whether the Password field should be enabled.
+    // Whether the Password field should be enabled on registration.
-    // If this is disabled, it means that no password can be set and the user will
+    // If this is disabled, it means that no password can be set on registration so the user will
     // not be able to log in unless linked to an oauth provider.
     'enable_password'         => (bool)env('ENABLE_PASSWORD', true),
 

resources/lang/en_US/default.po

@@ -21,6 +21,7 @@ msgstr ""
 
 #~ msgid "auth.no-password"
 #~ msgstr "Please enter a password."
+
 msgid "auth.password.error"
 msgstr "Your password is incorrect. Please try it again."
 

resources/views/pages/settings/password.twig

@@ -11,12 +11,15 @@
             <div class="row">
                 <div class="col-md-12">
                     {{ m.info(__('settings.password.info')) }}
-                    {{ f.input(
+
-                        'password',
+                    {% if user.password %}
-                        __('settings.password.password'),
+                        {{ f.input(
-                        'password',
+                            'password',
-                        {'required': true}
+                            __('settings.password.password'),
-                    ) }}
+                            'password',
+                            {'required': true}
+                        ) }}
+                    {% endif %}
                     {{ f.input(
                         'new_password',
                         __('settings.password.new_password'),

src/Controllers/SettingsController.php

@@ -77,12 +77,12 @@ class SettingsController extends BaseController
 
         $minLength = config('min_password_length');
         $data = $this->validate($request, [
-            'password'      => 'required',
+            'password'      => 'required' . (empty($user->password) ? '|optional' : ''),
             'new_password'  => 'required|min:' . $minLength,
-            'new_password2' => 'required'
+            'new_password2' => 'required',
         ]);
 
-        if (!$this->auth->verifyPassword($user, $data['password'])) {
+        if (!empty($user->password) && !$this->auth->verifyPassword($user, $data['password'])) {
             $this->addNotification('auth.password.error', 'errors');
         } elseif ($data['new_password'] != $data['new_password2']) {
             $this->addNotification('validation.password.confirmed', 'errors');

tests/Unit/Controllers/SettingsControllerTest.php

@@ -99,6 +99,36 @@ class SettingsControllerTest extends TestCase
         $this->assertEquals('settings.password.success', $messages[0]);
     }
 
+    /**
+     * @covers \Engelsystem\Controllers\SettingsController::savePassword
+     */
+    public function testSavePasswordWhenEmpty()
+    {
+        $this->user->password = '';
+        $this->user->save();
+
+        $body = [
+            'new_password'  => 'anotherpassword',
+            'new_password2' => 'anotherpassword'
+        ];
+        $this->request = $this->request->withParsedBody($body);
+
+        $this->setExpects($this->auth, 'user', null, $this->user, $this->once());
+        $this->setExpects($this->auth, 'setPassword', [$this->user, 'anotherpassword'], null, $this->once());
+        $this->setExpects(
+            $this->response,
+            'redirectTo',
+            ['http://localhost/settings/password'],
+            $this->response,
+            $this->once()
+        );
+
+        /** @var SettingsController $controller */
+        $controller = $this->app->make(SettingsController::class);
+        $controller->setValidator(new Validator());
+        $controller->savePassword($this->request);
+    }
+
     /**
      * @covers \Engelsystem\Controllers\SettingsController::savePassword
      */