throw an exception on registration with an empty password

fixes cartalyst#51 Signed-off-by: Suhayb Wardany <me@suw.me>
ministryofjustice · May 22, 2015 · c8b2591 · c8b2591
1 parent 7e623e5
commit c8b2591
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/src/Users/IlluminateUserRepository.php b/src/Users/IlluminateUserRepository.php
@@ -294,7 +294,7 @@ protected function validateUser(array $credentials, $id = null)
 				throw new InvalidArgumentException('No [login] credential was passed.');
 			}
 
-			if ($password === null)
+			if (empty($password))
 			{
 				throw new InvalidArgumentException('You have not passed a [password].');
 			}

diff --git a/tests/IlluminateUserRepositoryTest.php b/tests/IlluminateUserRepositoryTest.php
@@ -217,6 +217,23 @@ public function testValidateUserForCreationWithoutPassword()
 		$users->validForCreation($credetials);
 	}
 
+	/**
+	 * @expectedException \InvalidArgumentException
+	 */
+	public function testValidateUserForCreationWithEmptyPassword()
+	{
+		$user = new EloquentUser;
+
+		list($users, $hasher, $model, $query) = $this->getUsersMock();
+
+		$credetials = [
+			'email'    => 'foo@example.com',
+			'password' => null,
+		];
+
+		$users->validForCreation($credetials);
+	}
+
 	public function testValidateUserForUpdate()
 	{
 		$user = $this->fakeUser();