Merge pull request #858 from maheini/patch-1

[dbAuth] add pkName to Columnnames if not contained inside 'dbAuth.returnedColumns'

Author: mevdschee

src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php

@@ -112,7 +112,11 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 if (strlen($newPassword) < $passwordLength) {
                     return $this->responder->error(ErrorCode::PASSWORD_TOO_SHORT, $passwordLength);
                 }
-                $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
+                $userColumns = $columnNames;
+                if(!in_array($pkName, $columnNames)){
+                    array_push($userColumns, $pkName);
+                }
+                $users = $this->db->selectAll($table, $userColumns, $condition, $columnOrdering, 0, 1);
                 foreach ($users as $user) {
                     if (password_verify($password, $user[$passwordColumnName]) == 1) {
                         if (!headers_sent()) {
@@ -121,6 +125,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                         $data = [$passwordColumnName => password_hash($newPassword, PASSWORD_DEFAULT)];
                         $this->db->updateSingle($table, $data, $user[$pkName]);
                         unset($user[$passwordColumnName]);
+                        if(!in_array($pkName, $columnNames)){
+                            unset($user[$pkName]);
+                        }
                         return $this->responder->success($user);
                     }
                 }