Fix the problem of changing password not exist before (#2493)

#### What type of PR is this?

/kind bug
/area core
/milestone 2.0

#### What this PR does / why we need it:

Fix the problem of changing password not exist before.

#### Which issue(s) this PR fixes:

Partial Fixes https://github.com/halo-dev/halo/issues/2427

#### Special notes for your reviewer:

Steps to test:

1. Create an user and change his/her password
2. Login with the user and the password

#### Does this PR introduce a user-facing change?

```release-note
None
```

src/main/java/run/halo/app/core/extension/service/UserServiceImpl.java

@@ -5,6 +5,7 @@ import static run.halo.app.core.extension.RoleBinding.containsUser;
 import java.util.Objects;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import run.halo.app.core.extension.Role;
@@ -42,7 +43,14 @@ public class UserServiceImpl implements UserService {
     @Override
     public Mono<User> updateWithRawPassword(String username, String rawPassword) {
         return getUser(username)
-            .filter(user -> !passwordEncoder.matches(rawPassword, user.getSpec().getPassword()))
+            .filter(user -> {
+                if (!StringUtils.hasText(user.getSpec().getPassword())) {
+                    // Check if the old password is set before, or the passwordEncoder#matches
+                    // will complain an error due to null password.
+                    return true;
+                }
+                return !passwordEncoder.matches(rawPassword, user.getSpec().getPassword());
+            })
             .flatMap(user -> {
                 user.getSpec().setPassword(passwordEncoder.encode(rawPassword));
                 return client.update(user);

src/test/java/run/halo/app/core/extension/service/UserServiceImplTest.java

@@ -229,19 +229,18 @@ class UserServiceImplTest {
 
         @Test
         void shouldUpdatePasswordIfNoPasswordBefore() {
-            var oldUser = createUser("");
+            var oldUser = createUser(null);
             var newUser = createUser("new-password");
 
             when(client.get(User.class, "fake-user")).thenReturn(Mono.just(oldUser));
             when(client.update(oldUser)).thenReturn(Mono.just(newUser));
-            when(passwordEncoder.matches("new-password", "")).thenReturn(false);
             when(passwordEncoder.encode("new-password")).thenReturn("encoded-new-password");
 
             StepVerifier.create(userService.updateWithRawPassword("fake-user", "new-password"))
                 .expectNext(newUser)
                 .verifyComplete();
 
-            verify(passwordEncoder).matches("new-password", "");
+            verify(passwordEncoder, never()).matches("new-password", null);
             verify(passwordEncoder).encode("new-password");
             verify(client).update(argThat(extension -> {
                 var user = (User) extension;