Update AccountController, fix #456

2018-09-12 21:45:08 -06:00 · 2018-09-12 21:45:08 -06:00 · 599844b2fb
parent 3d3016c169
commit 599844b2fb
2 changed files with 7 additions and 2 deletions
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@ -295,7 +295,10 @@ class AccountController extends Controller
        if(password_verify($password, $user->password) === true) {
            $request->session()->put('sudoMode', time());
            return redirect($next);
+        } else {
+            return redirect()
+                ->back()
+                ->withErrors(['password' => __('auth.failed')]);
        }
-        return redirect($next);
    }
 }
--- a/app/User.php
+++ b/app/User.php
@ -33,7 +33,9 @@ class User extends Authenticatable
     * @var array
     */
    protected $hidden = [
-        'password', 'remember_token',
+        'email', 'password', 'is_admin', 'remember_token', 
+        'email_verified_at', '2fa_enabled', '2fa_secret', 
+        '2fa_backup_codes', '2fa_setup_at',
    ];

    public function profile()