Don't update passwords in the Importer

stevebauman · stevebauman · commit ae8defbac698 · 2017-03-06T11:07:08.000-05:00
- Closes #263
diff --git a/src/Auth/DatabaseUserProvider.php b/src/Auth/DatabaseUserProvider.php
@@ -135,6 +135,21 @@ public function validateCredentials(Authenticatable $model, array $credentials)
             // validation rules pass, we will allow the authentication
             // attempt. Otherwise, it is automatically rejected.
             if ($this->newValidator($this->getRules($this->user, $model))->passes()) {
+                // We'll check if we've been given a password and that
+                // syncing password is enabled. Otherwise we'll
+                // use a random 16 character string.
+                if ($this->isSyncingPasswords()) {
+                    $password = $credentials['password'];
+                } else {
+                    $password = str_random();
+                }
+
+                // If the model has a set mutator for the password then we'll
+                // assume that we're using a custom encryption method for
+                // passwords. Otherwise we'll bcrypt it normally.
+                $model->password = $model->hasSetMutator('password') ?
+                    $password : bcrypt($password);
+
                 // All of our validation rules have passed and we can
                 // finally save the model in case of changes.
                 $model->save();
@@ -198,6 +213,16 @@ class_uses_recursive(get_class($model))
         );
     }
 
+    /**
+     * Determines if passwords are being syncronized.
+     *
+     * @return bool
+     */
+    public function isSyncingPasswords()
+    {
+        return config('adldap_auth.password_sync', true);
+    }
+
     /**
      * Determines if login fallback is enabled.
      *
diff --git a/src/Auth/Importer.php b/src/Auth/Importer.php
@@ -19,24 +19,6 @@ public function run(User $user, Model $model, array $credentials = [])
         // we'll create a new one for them.
         $model = $this->findByCredentials($model, $credentials) ?: $model->newInstance();
 
-        // We'll check if we've been given a password and that
-        // syncing password is enabled. Otherwise we'll
-        // use a random 16 character string.
-        if (
-            array_key_exists('password', $credentials) &&
-            $this->isSyncingPasswords()
-        ) {
-            $password = $credentials['password'];
-        } else {
-            $password = str_random();
-        }
-
-        // If the model has a set mutator for the password then we'll
-        // assume that we're using a custom encryption method for
-        // passwords. Otherwise we'll bcrypt it normally.
-        $model->password = $model->hasSetMutator('password') ?
-            $password : bcrypt($password);
-
         // Synchronize other LDAP attributes on the model.
         $this->syncModelAttributes($user, $model);
 
@@ -101,16 +83,6 @@ protected function syncModelAttributes(User $user, Model $model)
         }
     }
 
-    /**
-     * Returns the configured password sync configuration option.
-     *
-     * @return bool
-     */
-    protected function isSyncingPasswords()
-    {
-        return config('adldap_auth.password_sync', true);
-    }
-
     /**
      * Retrieves the specified field from the User model.
      *
diff --git a/src/Commands/Import.php b/src/Commands/Import.php
@@ -106,6 +106,12 @@ public function import(array $users = [])
                 // Import the user and retrieve it's model.
                 $model = $this->getImporter()->run($user, $this->model());
 
+                $password = str_random();
+
+                // Set the models password.
+                $model->password = $model->hasSetMutator('password') ?
+                    $password : bcrypt($password);
+
                 // Save the returned model.
                 $this->save($user, $model);
 
diff --git a/src/Middleware/WindowsAuthenticate.php b/src/Middleware/WindowsAuthenticate.php
@@ -103,6 +103,12 @@ protected function retrieveAuthenticatedUser($key, $username)
                 // assigns a random 16 character password for us.
                 $model = $this->getImporter()->run($user, $this->getModel(), $credentials);
 
+                $password = str_random();
+
+                // Set the models password.
+                $model->password = $model->hasSetMutator('password') ?
+                    $password : bcrypt($password);
+
                 // We also want to save the returned model in case it doesn't
                 // exist yet, or there are changes to be synced.
                 $model->save();
