This repository was archived by the owner on Feb 18, 2023. It is now read-only.

Commit f752208

Don't let users change the password from the update endpoint.
1 parent baff5e1 commit f752208

1 file changed

+2
-1
lines changed

app/Http/Controllers/Api/Users/UsersController.php

Lines changed: 2 additions & 1 deletion
@@ -100,7 +100,8 @@ public function update(Request $request, $uuid)
100100
];
101101
}
102102
$this->validate($request, $rules);
103-
$user->update($request->except('_token'));
103+
// Except password as we don't want to let the users change a password from this endpoint
104+
$user->update($request->except('_token', 'password'));
104105
if($request->has('roles')) {
105106
$user->syncRoles($request['roles']);
106107
}
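
Review bot: The `$request->except('_token', 'password')` call on new line 104 is still a denylist, so every other field in the request, including `roles`, is still handed to `$user->update()`. Whether that is safe depends on the model's fillable/guarded settings, which this hunk does not show. Consider `$request->only([...])` with the keys that `$rules` validates, so that an attribute added to the model later is not writable from this endpoint by default. The new comment could also say which endpoint is meant to handle password changes.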
