From c4b118c1050cd2d3064d87a68844584b82e129cc Mon Sep 17 00:00:00 2001
From: Andrey Gulitskiy <wyorma@gmail.com>
Date: Sun, 16 Feb 2014 01:25:45 +0700
Subject: [PATCH 1/2] Fix for validation bug on password change

---
 src/Zizaco/Confide/ConfideUser.php |  8 ++++-
 tests/ConfideUserTest.php          | 52 ++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/src/Zizaco/Confide/ConfideUser.php b/src/Zizaco/Confide/ConfideUser.php
index c259244..2ddcef6 100644
--- a/src/Zizaco/Confide/ConfideUser.php
+++ b/src/Zizaco/Confide/ConfideUser.php
@@ -133,7 +133,13 @@ public function resetPassword( $params )
         $password = array_get($params, 'password', '');
         $passwordConfirmation = array_get($params, 'password_confirmation', '');
 
-        if ( $password == $passwordConfirmation )
+        $passwordValidators = array(
+            'password' => static::$rules['password'],
+            'password_confirmation' => static::$rules['password_confirmation'],
+        );
+        $validationResult = static::$app['confide.repository']->validate($passwordValidators);
+
+        if ( $validationResult )
         {
             return static::$app['confide.repository']
                 ->changePassword( $this, static::$app['hash']->make($password) );
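Review bot: The `validate($passwordValidators)` call receives only the rule set, while the value that is hashed and stored comes from `$params` via `$password`, so nothing visible in this hunk ties the validated data to the data that is written. What `validate()` actually inspects is defined outside the hunk (presumably the request input or the model, to be confirmed); if a caller passes `$params` that differ from that source, the length and confirmation rules would be checked against one value and a different one saved. Since the explicit comparison was removed, confirmation now depends entirely on `static::$rules`, which a subclass may override; keeping it as a guard, e.g. `if ( $validationResult && $password === $passwordConfirmation )`, would make the reset fail closed. The body of `resetPassword` continues past the end of the hunk.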
diff --git a/tests/ConfideUserTest.php b/tests/ConfideUserTest.php
index 193f89c..8ad34aa 100644
--- a/tests/ConfideUserTest.php
+++ b/tests/ConfideUserTest.php
@@ -105,6 +105,10 @@ public function testShouldChangePassword()
             ->andReturn( true )
             ->once();
 
+        ConfideUser::$app['confide.repository']->shouldReceive('validate')
+            ->andReturn( true )
+            ->once();
+
         $this->populateUser();
 
         $old_password = $this->confide_user->password;
@@ -112,6 +116,54 @@ public function testShouldChangePassword()
         $this->assertTrue( $this->confide_user->resetPassword( $credentials ) );
     }
 
+    public function testShouldNotChangePassword()
+    {
+        // Password should not be changed because it is empty
+        $credentials = array(
+            'email'=>'mail@sample.com',
+            'password'=>'',
+            'password_confirmation'=>''
+        );
+
+        // Should call changePassword of the repository
+        ConfideUser::$app['confide.repository'] = m::mock( 'ConfideRepository' );
+        ConfideUser::$app['confide.repository']->shouldReceive( 'changePassword' )
+            ->never();
+
+        ConfideUser::$app['confide.repository']->shouldReceive('validate')
+            ->andReturn( false )
+            ->times(4);
+
+        $this->populateUser();
+
+        $this->assertFalse( $this->confide_user->resetPassword( $credentials ) );
+
+        // Additional asserts
+        // Password should not be changed because it is too short
+        $credentials = array(
+            'email'=>'mail@sample.com',
+            'password'=>'39a',
+            'password_confirmation'=>'39a'
+        );
+        $this->assertFalse( $this->confide_user->resetPassword( $credentials ) );
+
+        // Password should not be changed because it is too long
+        $credentials = array(
+            'email'=>'mail@sample.com',
+            'password'=>'1a2f34g5uj887n',
+            'password_confirmation'=>'1a2f34g5uj887n'
+        );
+        $this->assertFalse( $this->confide_user->resetPassword( $credentials ) );
+
+        // Password should not be changed because it is not confirmed
+        $credentials = array(
+            'email'=>'mail@sample.com',
+            'password'=>'987987',
+            'password_confirmation'=>'562906'
+        );
+        $this->assertFalse( $this->confide_user->resetPassword( $credentials ) );
+    }
+
     public function testShouldNotSaveDuplicated()
     {
         // Make sure that userExists return 1 to simulates a duplicated user
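Review bot: All four `assertFalse` cases in `testShouldNotChangePassword` pass regardless of the credentials, because `validate` is stubbed with `->andReturn( false )->times(4)`. The empty, too-short, too-long and unconfirmed passwords are indistinguishable to the code under test, so the password rules themselves are never exercised. The stub also carries no `->with(...)` constraint, here and in the `testShouldChangePassword` hunk above, so the tests would not notice if `resetPassword` validated the wrong data or the wrong rule set. Consider asserting the arguments passed to `validate`, and covering the length and confirmation rules with a test that runs the real validator.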

From 0d04321afdd6250c266ffab394147feb026a9b09 Mon Sep 17 00:00:00 2001
From: Andrey Gulitskiy <wyorma@gmail.com>
Date: Sun, 16 Feb 2014 03:03:20 +0700
Subject: [PATCH 2/2] Tiny changes

---
 src/Zizaco/Confide/ConfideUser.php | 1 -
 tests/ConfideUserTest.php          | 4 +++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Zizaco/Confide/ConfideUser.php b/src/Zizaco/Confide/ConfideUser.php
index 2ddcef6..22b90f3 100644
--- a/src/Zizaco/Confide/ConfideUser.php
+++ b/src/Zizaco/Confide/ConfideUser.php
@@ -131,7 +131,6 @@ public function forgotPassword()
     public function resetPassword( $params )
     {
         $password = array_get($params, 'password', '');
-        $passwordConfirmation = array_get($params, 'password_confirmation', '');
 
         $passwordValidators = array(
             'password' => static::$rules['password'],
diff --git a/tests/ConfideUserTest.php b/tests/ConfideUserTest.php
index 8ad34aa..342abeb 100644
--- a/tests/ConfideUserTest.php
+++ b/tests/ConfideUserTest.php
@@ -105,6 +105,7 @@ public function testShouldChangePassword()
             ->andReturn( true )
             ->once();
 
+        // Should call validate method
         ConfideUser::$app['confide.repository']->shouldReceive('validate')
             ->andReturn( true )
             ->once();
@@ -125,11 +126,12 @@ public function testShouldNotChangePassword()
             'password_confirmation'=>''
         );
 
-        // Should call changePassword of the repository
+        // Should not call changePassword of the repository
         ConfideUser::$app['confide.repository'] = m::mock( 'ConfideRepository' );
         ConfideUser::$app['confide.repository']->shouldReceive( 'changePassword' )
             ->never();
 
+        // Should call validate method
         ConfideUser::$app['confide.repository']->shouldReceive('validate')
             ->andReturn( false )
             ->times(4);