fix: wbs-user:disable random password (#1015)

deer-wmde · web-flow · commit 2156e09df1a4 · 2025-11-25T10:30:24.000+01:00
- Using just `random_bytes` does not guarantee a valid Bcrypt password
value
- Using the sha1 hashsum of that value should be sufficient

From time to time you would see this bug with the command failing in the
unit test:

```
1) Tests\Commands\DisableTest::testSuccess
ValueError: Bcrypt password must not contain null character

/var/www/html/vendor/laravel/framework/src/Illuminate/Hashing/BcryptHasher.php:47
/var/www/html/vendor/laravel/framework/src/Illuminate/Hashing/HashManager.php:63
/var/www/html/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php:355
/var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php:1325
/var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php:998
/var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php:2238
/var/www/html/app/Console/Commands/User/Disable.php:55
/var/www/html/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:36
/var/www/html/vendor/laravel/framework/src/Illuminate/Container/Util.php:41
/var/www/html/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:93
/var/www/html/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:35
/var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php:662
/var/www/html/vendor/laravel/framework/src/Illuminate/Console/Command.php:211
/var/www/html/vendor/symfony/console/Command/Command.php:326
/var/www/html/vendor/laravel/framework/src/Illuminate/Console/Command.php:180
/var/www/html/vendor/symfony/console/Application.php:1078
/var/www/html/vendor/symfony/console/Application.php:324
/var/www/html/vendor/symfony/console/Application.php:175
/var/www/html/vendor/laravel/framework/src/Illuminate/Console/Application.php:162
/var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php:400
/var/www/html/vendor/laravel/framework/src/Illuminate/Testing/PendingCommand.php:297
/var/www/html/vendor/laravel/framework/src/Illuminate/Testing/PendingCommand.php:484
/var/www/html/tests/Commands/User/DisableTest.php:31
/var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Testing/TestCase.php:61
```
diff --git a/app/Console/Commands/User/Disable.php b/app/Console/Commands/User/Disable.php
@@ -52,7 +52,7 @@ public function handle(): int {
 
         $userId = $user->id;
         $user->email = uniqid() . '@disabled-user.wikibase.cloud';
-        $user->password = random_bytes(10);
+        $user->password = sha1(random_bytes(10));
         $user->verified = false;
 
         if ($user->save()) {
