
OrganizationFactory::setAdminAccountPassword : encrypt password

Olivier Massot 7 miesięcy temu
rodzic
commit
476f64fb5f

+ 5 - 2
src/Service/Organization/OrganizationFactory.php

@@ -967,9 +967,12 @@ class OrganizationFactory
             throw new \RuntimeException('No admin account found for this organization.');
         }
 
-        // Set the password on the Person entity
+        // Hash the password using bcrypt
+        $hashedPassword = password_hash($password, PASSWORD_BCRYPT);
+
+        // Set the hashed password on the Person entity
         $person = $adminAccess->getPerson();
-        $person->setPassword($password);
+        $person->setPassword($hashedPassword);
 
         // Persist the changes
         $this->entityManager->persist($person);
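Review bot: The added `password_hash($password, PASSWORD_BCRYPT)` call hashes whatever string it is given, and nothing visible in the hunk validates `$password` first. An empty password is hashed and stored, and bcrypt only uses the first 72 bytes of its input, so longer passwords are silently truncated. A guard before the hash would close both cases, e.g. `if ($password === '' || strlen($password) > 72) { throw new \InvalidArgumentException('Invalid admin password length.'); }`, unless a caller outside this hunk already enforces a policy. It is also worth confirming that the login path verifies against this same hash format, since the hunk hard-codes the algorithm rather than using a hasher shared with authentication. The enclosing method starts and ends outside the hunk, so earlier validation may exist that is not shown here.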

+ 5 - 2
tests/Unit/Service/Organization/OrganizationFactoryTest.php

@@ -2213,8 +2213,11 @@ class OrganizationFactoryTest extends TestCase
         // Set up the AccessRepository to return the access when findAdminAccess is called
         $this->accessRepository->method('findAdminAccess')->with($organization)->willReturn($access);
 
-        // Expect the person's setPassword method to be called with the password
-        $person->expects(self::once())->method('setPassword')->with('Password123!');
+        // Expect the person's setPassword method to be called with a hashed password (not the plain password)
+        $person->expects(self::once())->method('setPassword')->with(self::callback(function($hashedPassword) {
+            // Verify that the password is not the plain text password
+            return is_string($hashedPassword) && $hashedPassword !== 'Password123!';
+        }));
 
         // Expect the EntityManager's persist and flush methods to be called
         $this->entityManager->expects(self::once())->method('persist')->with($person);
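Review bot: The callback passed to `with(self::callback(...))` only asserts that the argument is a string different from `'Password123!'`, so the test would still pass if the password were stored reversibly encoded, hashed with a weak digest, or replaced by an unrelated constant. Asserting the actual property is a one-line change: `return is_string($hashedPassword) && password_verify('Password123!', $hashedPassword);`. If the algorithm matters to the rest of the system, `password_get_info($hashedPassword)['algoName'] === 'bcrypt'` can be checked as well. The test method starts and ends outside the hunk.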