Fix hidden preference bug

This commit is contained in:
Phan An 2017-06-04 09:34:21 +01:00
parent c9ec0406ff
commit 03baef25bd
2 changed files with 20 additions and 7 deletions

View file

@ -152,13 +152,15 @@ class User extends Authenticatable
*/
public function getPreferencesAttribute($value)
{
return tap(unserialize($value) ?: [], function (array $preferences) {
// Hide the user's secrets away!
foreach ($this->hiddenPreferences as $key) {
if (array_key_exists($key, $preferences)) {
$preferences[$key] = 'hidden';
}
$preferences = unserialize($value) ?: [];
// Hide sensitive data from returned preferences.
foreach ($this->hiddenPreferences as $key) {
if (array_key_exists($key, $preferences)) {
$preferences[$key] = 'hidden';
}
});
}
return $preferences;
}
}

View file

@ -68,4 +68,15 @@ class UserTest extends BrowserKitTestCase
$user->deletePreference('foo');
$this->assertNull($user->getPreference('foo'));
}
public function testHidingUserPreferences()
{
$user = factory(User::class)->create([
'preferences' => [
'lastfm_session_key' => '123456',
],
]);
$this->assertEquals('hidden', $user->preferences['lastfm_session_key']);
}
}