diff --git a/framework/core/src/Api/Controller/UpdateUserController.php b/framework/core/src/Api/Controller/UpdateUserController.php
index 58805b0f7..5d639c00d 100644
--- a/framework/core/src/Api/Controller/UpdateUserController.php
+++ b/framework/core/src/Api/Controller/UpdateUserController.php
@@ -60,7 +60,7 @@ class UpdateUserController extends AbstractShowController
 // Require the user's current password if they are attempting to change
 // their own email address.
 if (isset($data['attributes']['email']) && $actor->id == $id) {
- $password = Arr::get($request->getParsedBody(), 'meta.password');
+ $password = (string) Arr::get($request->getParsedBody(), 'meta.password');
 if (! $actor->checkPassword($password)) {
 throw new NotAuthenticatedException;
diff --git a/framework/core/src/Http/AccessToken.php b/framework/core/src/Http/AccessToken.php
index 3a68dd38d..40357838b 100644
--- a/framework/core/src/Http/AccessToken.php
+++ b/framework/core/src/Http/AccessToken.php
@@ -112,7 +112,8 @@ class AccessToken extends AbstractModel
 // We truncate user agent so it fits in the database column
 // The length is hard-coded as the column length
 // It seems like MySQL or Laravel already truncates values, but we'll play safe and do it ourselves
- $this->last_user_agent = substr(Arr::get($request->getServerParams(), 'HTTP_USER_AGENT'), 0, 255);
+ $agent = Arr::get($request->getServerParams(), 'HTTP_USER_AGENT');
+ $this->last_user_agent = substr($agent ?? '', 0, 255);
 } else {
 // If no request is provided, we set the values back to null
 // That way the values always match with the date logged in last_activity
diff --git a/framework/core/src/User/AvatarUploader.php b/framework/core/src/User/AvatarUploader.php
index ec66511eb..26d6b03cc 100644
--- a/framework/core/src/User/AvatarUploader.php
+++ b/framework/core/src/User/AvatarUploader.php
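Review bot: In UpdateUserController, the `(string)` cast on `meta.password` hides non-string input instead of rejecting it: a JSON array in that field becomes the literal string "Array" and triggers an array-to-string conversion diagnostic, which may surface as a 500 rather than a 401 depending on how the application treats warnings. This value comes straight from the request body and gates an email change, so an explicit type check states the intent better: keep `$password = Arr::get($request->getParsedBody(), 'meta.password');` and change the guard to `if (! is_string($password) || ! $actor->checkPassword($password)) {`. The enclosing method starts and ends outside the hunk.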
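Review bot: In AccessToken, `substr($agent ?? '', 0, 255)` still truncates by bytes, so a client-supplied User-Agent containing multibyte UTF-8 can be cut in the middle of a character and stored as an invalid sequence. Whether the database rejects or silently alters such a value depends on the column charset and SQL mode, which are not visible in this hunk. If mbstring is available to this code, `mb_strcut($agent ?? '', 0, 255, 'UTF-8')` keeps the 255-byte bound while ending on a character boundary. The enclosing method starts and ends outside the hunk.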
@@ -55,6 +55,11 @@ class AvatarUploader { $avatarPath = $user->getRawOriginal('avatar_url'); + // If there was no avatar, there's nothing to remove. + if (! $avatarPath) { + return; + } + $user->afterSave(function () use ($avatarPath) { if ($this->uploadDir->exists($avatarPath)) { $this->uploadDir->delete($avatarPath); diff --git a/framework/core/src/User/User.php b/framework/core/src/User/User.php index 8981f3310..f9ea41756 100644 --- a/framework/core/src/User/User.php +++ b/framework/core/src/User/User.php @@ -340,7 +340,7 @@ class User extends AbstractModel * @param string $password * @return bool */ - public function checkPassword($password) + public function checkPassword(string $password) { $valid = false; @@ -488,7 +488,7 @@ class User extends AbstractModel return $value['default']; }, static::$preferences); - $user = Arr::only((array) json_decode($value, true), array_keys(static::$preferences)); + $user = $value !== null ? Arr::only((array) json_decode($value, true), array_keys(static::$preferences)) : []; return array_merge($defaults, $user); } diff --git a/framework/core/tests/integration/api/users/UpdateTest.php b/framework/core/tests/integration/api/users/UpdateTest.php index 35da918b7..39124ce11 100644 --- a/framework/core/tests/integration/api/users/UpdateTest.php +++ b/framework/core/tests/integration/api/users/UpdateTest.php @@ -121,14 +121,15 @@ class UpdateTest extends TestCase 'data' => [ 'attributes' => [ 'email' => 'someOtherEmail@example.com', - ], - 'meta' => [ - 'password' => 'notTheRightPassword!' ] + ], + 'meta' => [ + 'password' => 'notTheRightPassword!' ] ], ]) ); + $this->assertEquals(401, $response->getStatusCode()); }
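Review bot: In User.php, `checkPassword(string $password)` now raises a TypeError for null or array arguments that the untyped signature accepted, yet the only call site adjusted in this diff is the one in UpdateUserController. Any other caller that forwards request data to this method (login or token endpoints, extensions) is not visible here and should be checked, so that a missing or malformed password yields an authentication failure rather than an uncaught error. I would also extend the docblock with a line such as `Callers must validate that the value is a string before calling; non-string input raises a TypeError.` The method body continues outside the hunk.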
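Review bot: In UpdateTest, the corrected payload still covers only a wrong password string, while the controller change in this commit adds a `(string)` cast whose new paths (absent `meta.password`, non-string `meta.password`) have no test here. I would add one case that omits `meta` and one that sends `'password' => ['x']`, each asserting `$this->assertEquals(401, $response->getStatusCode());`. Because `meta` previously sat inside `data`, the old request appears to have carried no top-level `meta.password` at all, so a short comment such as `// meta is a sibling of data, not a child` would help keep the nesting from regressing. The test method starts outside the hunk.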