Fix hidden preference bug

2024-11-10 06:34:14 +00:00 · 2017-06-04 09:34:21 +01:00 · 2017-06-04 09:34:21 +01:00 · 03baef25bd
commit 03baef25bd
parent c9ec0406ff
2 changed files with 20 additions and 7 deletions
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -152,13 +152,15 @@ class User extends Authenticatable
     */
    public function getPreferencesAttribute($value)
    {
-        return tap(unserialize($value) ?: [], function (array $preferences) {
-            // Hide the user's secrets away!
-            foreach ($this->hiddenPreferences as $key) {
-                if (array_key_exists($key, $preferences)) {
-                    $preferences[$key] = 'hidden';
-                }
+        $preferences = unserialize($value) ?: [];
+
+        // Hide sensitive data from returned preferences.
+        foreach ($this->hiddenPreferences as $key) {
+            if (array_key_exists($key, $preferences)) {
+                $preferences[$key] = 'hidden';
            }
-        });
+        }
+
+        return $preferences;
    }
 }
--- a/tests/Feature/UserTest.php
+++ b/tests/Feature/UserTest.php
@ -68,4 +68,15 @@ class UserTest extends BrowserKitTestCase
        $user->deletePreference('foo');
        $this->assertNull($user->getPreference('foo'));
    }
+
+    public function testHidingUserPreferences()
+    {
+        $user = factory(User::class)->create([
+            'preferences' => [
+                'lastfm_session_key' => '123456',
+            ],
+        ]);
+
+        $this->assertEquals('hidden', $user->preferences['lastfm_session_key']);
+    }
 }