From b7fb310f73aeadad56b274426d60988dbbcfaac5 Mon Sep 17 00:00:00 2001
From: Sam Poyigi <6567634+sampoyigi@users.noreply.github.com>
Date: Sun, 22 Sep 2024 15:27:02 +0100
Subject: [PATCH] fix: update password attribute handling and validation in
 user models (v4)

Signed-off-by: Sam Poyigi <6567634+sampoyigi@users.noreply.github.com>
---
 resources/models/customer.php                   | 2 +-
 src/Http/Middleware/InjectImpersonateBanner.php | 2 +-
 src/Http/Requests/CustomerRequest.php           | 4 ++--
 src/Models/Customer.php                         | 1 +
 src/Models/User.php                             | 4 ++--
 5 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/resources/models/customer.php b/resources/models/customer.php
index 44a8007..70d2036 100644
--- a/resources/models/customer.php
+++ b/resources/models/customer.php
@@ -187,7 +187,7 @@
                 'condition' => 'unchecked',
             ],
         ],
-        '_confirm_password' => [
+        'confirm_password' => [
             'label' => 'lang:igniter.user::default.customers.label_confirm_password',
             'type' => 'password',
             'span' => 'right',
diff --git a/src/Http/Middleware/InjectImpersonateBanner.php b/src/Http/Middleware/InjectImpersonateBanner.php
index f9c870c..898c949 100644
--- a/src/Http/Middleware/InjectImpersonateBanner.php
+++ b/src/Http/Middleware/InjectImpersonateBanner.php
@@ -12,7 +12,7 @@ public function handle($request, \Closure $next): Response
     {
         $response = $next($request);
 
-        if (Igniter::runningInAdmin()) {
+        if (!$request->routeIs('igniter.theme.*') || Igniter::runningInAdmin()) {
             return $response;
         }
 
diff --git a/src/Http/Requests/CustomerRequest.php b/src/Http/Requests/CustomerRequest.php
index d7906c7..c3cd003 100644
--- a/src/Http/Requests/CustomerRequest.php
+++ b/src/Http/Requests/CustomerRequest.php
@@ -23,7 +23,7 @@ public function attributes()
             'addresses.*.postcode' => lang('igniter.user::default.customers.label_postcode'),
             'addresses.*.country_id' => lang('igniter.user::default.customers.label_country'),
             'password' => lang('igniter.user::default.customers.label_password'),
-            '_confirm_password' => lang('igniter.user::default.customers.label_confirm_password'),
+            'confirm_password' => lang('igniter.user::default.customers.label_confirm_password'),
         ];
     }
 
@@ -33,7 +33,7 @@ public function rules()
             'first_name' => ['required', 'string', 'between:1,48'],
             'last_name' => ['required', 'string', 'between:1,48'],
             'email' => ['required', 'email:filter', 'max:96', Rule::unique('customers')->ignore($this->getRecordId(), 'customer_id')],
-            'password' => ['nullable', 'required_if:send_invite,0', 'string', 'min:8', 'max:40', 'same:_confirm_password'],
+            'password' => ['nullable', 'required_if:send_invite,0', 'string', 'min:8', 'max:40', 'same:confirm_password'],
             'telephone' => ['nullable', 'string'],
             'newsletter' => ['nullable', 'required', 'boolean'],
             'customer_group_id' => ['required', 'integer'],
diff --git a/src/Models/Customer.php b/src/Models/Customer.php
index 1fc8e04..ef4d297 100644
--- a/src/Models/Customer.php
+++ b/src/Models/Customer.php
@@ -59,6 +59,7 @@ class Customer extends AuthUserModel
 
     protected $casts = [
         'customer_id' => 'integer',
+        'password' => 'hashed',
         'address_id' => 'integer',
         'customer_group_id' => 'integer',
         'newsletter' => 'boolean',
diff --git a/src/Models/User.php b/src/Models/User.php
index c20361a..dac2987 100644
--- a/src/Models/User.php
+++ b/src/Models/User.php
@@ -11,7 +11,6 @@
 use Igniter\User\Classes\PermissionManager;
 use Igniter\User\Classes\UserState;
 use Igniter\User\Models\Concerns\SendsInvite;
-use Illuminate\Support\Facades\Hash;
 
 /**
  * Users Model Class
@@ -43,6 +42,7 @@ class User extends AuthUserModel
     protected $hidden = ['password', 'remember_token'];
 
     protected $casts = [
+        'password' => 'hashed',
         'user_role_id' => 'integer',
         'sale_permission' => 'integer',
         'language_id' => 'integer',
@@ -314,7 +314,7 @@ public function register(array $attributes, $activate = false)
         $user->name = array_get($attributes, 'name');
         $user->email = array_get($attributes, 'email');
         $user->username = array_get($attributes, 'username');
-        $user->password = Hash::make(array_get($attributes, 'password'));
+        $user->password = array_get($attributes, 'password');
         $user->language_id = array_get($attributes, 'language_id');
         $user->user_role_id = array_get($attributes, 'user_role_id');
         $user->super_user = array_get($attributes, 'super_user', false);