fix: remove username in $validFields by default

kenjis · kenjis · commit 5f38d3ecf3f6 · 2022-11-01T17:24:54.000+09:00
The default configration does not validate username.
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
@@ -223,7 +223,7 @@ class Auth extends BaseConfig
      */
     public array $validFields = [
         'email',
-        'username',
+        // 'username',
     ];
 
     /**
diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
@@ -79,7 +79,7 @@ public function registerAction(): RedirectResponse
         $allowedPostFields = array_merge(
             setting('Auth.validFields'),
             setting('Auth.personalFields'),
-            ['password']
+            array_keys($rules),
         );
         $user = $this->getUserEntity();
         $user->fill($this->request->getPost($allowedPostFields));
diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
@@ -118,6 +118,11 @@ public function testLoginActionUsernameSuccess(): void
     {
         Time::setTestNow('March 10, 2017', 'America/Chicago');
 
+        // Add 'username' to $validFields
+        $authConfig                = config('Auth');
+        $authConfig->validFields[] = 'username';
+        Factories::injectMock('config', 'Auth', $authConfig);
+
         // Change the validation rules
         $config = new class () extends Validation {
             public $login = [
