Fix empty password (#7025)

CHANGELOG-DEV.md

@@ -33,6 +33,7 @@ HumHub Changelog
 - Fix #7021: Image cropping: prevent vertical images from being displayed higher than the browser window
 - Fix #7007: Allow resetting of people filters
 - Fix #7023: Fix `Unsupported configuration type: object` Exception when running `php yii` on fresh installation
+- Fix #7025: Fix empty password
 
 1.16.0-beta.2 (April 9, 2024)
 -----------------------------

protected/humhub/modules/user/migrations/m240523_081438_fix_null_password.php

@@ -0,0 +1,31 @@
+<?php
+
+use humhub\modules\user\models\Password;
+use yii\db\Expression;
+use yii\db\Migration;
+
+/**
+ * Class m240523_081438_fix_null_password
+ */
+class m240523_081438_fix_null_password extends Migration
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function safeUp()
+    {
+        Password::deleteAll(['OR',
+            ['IS', 'algorithm', new Expression('NULL')],
+            ['IS', 'password', new Expression('NULL')]]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeDown()
+    {
+        echo "m240523_081438_fix_null_password cannot be reverted.\n";
+
+        return false;
+    }
+}

protected/humhub/modules/user/models/Password.php

@@ -15,6 +15,7 @@ use yii\base\ErrorException;
 use yii\base\Exception;
 use yii\db\ActiveQuery;
 use yii\db\ActiveRecord;
+use yii\web\BadRequestHttpException;
 
 /**
  * This is the model class for table "user_password".
@@ -64,6 +65,11 @@ class Password extends ActiveRecord
 
     public function beforeSave($insert)
     {
+        if (empty($this->password) || empty($this->algorithm)) {
+            Yii::error(sprintf('Stop saving of empty password for user #%s', $this->user_id), 'user');
+            throw new BadRequestHttpException(Yii::t('UserModule.base', 'Empty password cannot be saved!'));
+        }
+
         $this->created_at = date('Y-m-d H:i:s');
 
         return parent::beforeSave($insert);