From 9f93e151a88f9978898bd73e273cc3825a3ccf49 Mon Sep 17 00:00:00 2001
From: Burton
Date: Fri, 20 Mar 2020 21:58:34 -0700
Subject: [PATCH] Hash password only once
When a user resets their password, the password would be double hashed and the user locked out of their account. Ensure we only hash the password if it needs to be hashed. If it has already been hashed, just return the password as-is.
---
 app/User.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/User.php b/app/User.php
index dd602dc..f85d8a7 100644
--- a/app/User.php
+++ b/app/User.php
@@ -32,7 +32,7 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
 public function setPasswordAttribute($password)
 {
- $this->attributes['password'] = Hash::make($password);
+ $this->attributes['password'] = Hash::needsRehash($password) ? Hash::make($password) : $password;
 }
 public function photoUrl(array $attributes)
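Review bot: `Hash::needsRehash($password)` in `setPasswordAttribute` reports whether a hash matches the currently configured algorithm and cost, not whether the value is plaintext, so it is an unreliable "already hashed" test. A stored hash created with older parameters (for example after a cost change) would be hashed a second time, which brings back the lockout this commit is meant to fix. In the other direction, any input that is itself shaped like a current-format hash is written to the column verbatim, so if request data can reach this mutator unvalidated, hashing and the password rules applied to the submitted string are sidestepped. It would be safer to keep the mutator as `$this->attributes['password'] = Hash::make($password);` and change the reset path (not visible in this patch) to assign the plaintext, so hashing happens in exactly one place. If the conditional stays, document it on the method, e.g. `// Accepts pre-hashed values as-is: never pass raw request input here without validating it is not hash-shaped`.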