From de18e2a8878a6819f031c7a12aeb556512f4de09 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Tue, 8 Aug 2017 14:41:58 -0700
Subject: [PATCH] Only bcrypt passwords on user save if the password value is
 passed

---
 app/Http/Controllers/Api/UsersController.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 04c8e93c2d..8a76e49fe9 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -107,6 +107,7 @@ class UsersController extends Controller
         $this->authorize('view', User::class);
         $user = new User;
         $user->fill($request->all());
+        $user->password = bcrypt($request->input('password'));
 
         if ($user->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.create.success')));
@@ -144,6 +145,11 @@ class UsersController extends Controller
         $user = User::findOrFail($id);
         $user->fill($request->all());
 
+        if ($request->has('password')) {
+            $user->password = bcrypt($request->input('password'));
+        }
+
+
         if ($user->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
         }