Fixed #13336 - Save unhashed password if no password provided

[snipe]

This addresses issue #13336, where if LDAP sync is enabled, and then disabled, the LDAP password remains for users that logged in while LDAP sync was enabled.

By setting passwords to a static string that isn't hashed, the user will never be able to login, since we the process of logging in compares only hashes, and the string *** NO PASSWORD *** will never ever match a submitted hashed password.

We have to be careful here to make sure we do not ever hash that NO PASSWORD string, of course.

This has the added benefit of making importing a large number of LDAP users go faster, since bcrypt does slow things down a bit.

[what-the-diff]

PR Summary

• Introduction of a centralised password configuration
  A new function called noPassword() has been introduced in the User model. This function serves to centralize the way we manage password handling across different files.

• Refactoring of code for managing passwords
  The previously scattered code for generating random passwords in LdapSync.php, UsersController.php, LoginController.php, and Ldap.php has been replaced with the newly created centralized noPassword() function located in the User model. This leads to cleaner and easier to maintain code.

• Minor corrections and adjustments
  Small tweaks were made to further improve code accuracy and performance. This included fixing a typo in the Ldap.php model and refining the password attribute handling in SCIMUser.php.

• Code Documentation
  An explanation of the noPassword() function was added in the User model. This enhances the readability and understanding of the codebase, fostering efficient collaboration among developers.

[snipe]

We probably also have to add a bit in the settings where we batch update any user with ldap_import (or whatever the field name is) to set it this way as well.

[marcusmoore]

Some minor changes but overall 👍🏾

[uberbrady]

This looks good to me - if you take Marcus's comment into consideration and fix that one part.

But I had another idea that might be good -

What if we change the ->noPassword() method to look like this:

function noPassword()
{
     $this->password = "*** NO PASSWORD ***";
}

Then you could make all the places where you're calling this method a little bit simpler -

Instead of $this->password = $this->noPassword() you could just say $this->noPassword().

This is not a hill I'm going to die on, however. Just an idea.

[snipe]

@uberbrady I think that's definitely worth looking at for a refactor. I'd like to push this out as-is right now though - thank you!