From 0f179e53c2fbbc0a048143e6c75a33cf6e959c23 Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Fri, 24 Apr 2026 13:18:44 +0300
Subject: [PATCH] hash password in create user

---
 app/User/UseCases/CreateUser.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/app/User/UseCases/CreateUser.php b/app/User/UseCases/CreateUser.php
index cfec430..49dfb71 100644
--- a/app/User/UseCases/CreateUser.php
+++ b/app/User/UseCases/CreateUser.php
@@ -21,6 +21,16 @@ class CreateUser
             throw new BadRequestException('email is required');
         }
 
+        if ($dto->password === null) {
+            throw new BadRequestException('password is required');
+        }
+
+        if (strlen($dto->password) < 8) {
+            throw new BadRequestException(
+                'password must be at least 8 characters'
+            );
+        }
+
         $email = new EmailAddress($dto->email);
         if ($this->userRepo->findByEmail($email) !== null) {
             throw new BadRequestException('email already taken');
@@ -28,6 +38,7 @@ class CreateUser
 
         $this->userRepo->create(new CreateUserDto(
             email: $email,
+            passwordHash: password_hash($dto->password, PASSWORD_DEFAULT),
             isAdmin: $dto->isAdmin,
         ));
     }