search

Laravel-Backpack / PermissionManager

Admin interface for managing users, roles, permissions, using Backpack CRUD
http://backpackforlaravel.com
Other
527 stars 168 forks source link

User edit: Default empty password behavior #351

Closed gvanto closed 7 months ago

gvanto commented 9 months ago

Bug report

What I did:

Left password empty and tried saving user.

What I expected to happen:

Ignores the password entirely (ie dont try and update it. If I am editing a user I don't necessarily want to update their password)

What happened:

Error thrown: image

Backpack, Laravel, PHP, DB version:

BP/Crud 6.4, Lara 10.x, MySQL 5.7

pxpm commented 9 months ago

Hey there.

I could not reproduce your use case. Can you reproduce it in our online demo ?

Cheers

gvanto commented 9 months ago

Hi @pxpm

Ok I tried the online demo but it says "user editing is disable for demo" so maybe that's why it's not throwing the same error?

gvanto commented 9 months ago

It seems that the password validation is "confirmed": https://github.com/Laravel-Backpack/PermissionManager/blob/main/src/app/Http/Requests/UserUpdateCrudRequest.php#L32

Should it not also be "nullable" if it's optional (as the case with updating a user?): https://laravel.com/docs/10.x/validation#a-note-on-optional-fields

Similar issue: https://laracasts.com/discuss/channels/laravel/how-to-validate-password-in-update

gvanto commented 9 months ago

Actually I'm thinking this is not a validation issue ... as it doesn't come up with form validation error.

It's almost as if the empty string (password + confirm) are not being converted to null (I've checked though and the ConvertEmptyStringsToNull middleware is in the call stack on the error page)

Very strange, let me investigate some more ...

gvanto commented 9 months ago

Ok found the issue, had 'password' in my $fillable array on my User model (needed in other places) which was causing the issue ... sorry for that and thanks again for your help @pxpm

gvanto commented 9 months ago

Ok found the issue, had 'password' in my $fillable array on my User model (needed in other places) which was causing the issue ... sorry for that and thanks again for your help @pxpm

This wasn't the issue ('password' should be fillable on the User model: https://github.com/laravel/laravel/blob/10.x/app/Models/User.php#L23 )

So I'm still facing this same issue. On leaving the password empty, the error is thrown as per the first post ...(password not nullable).

When I output the request's contents: (in UpdateOperation > update()): The password and password_confirmation are null (as expected).

array:12 [▼ // vendor/backpack/crud/src/app/Http/Controllers/Operations/UpdateOperation.php:91
  "_token" => "X7YFNVKS0vSBdWirYZgk3A2fNRQktOFn6NKqPFSi"
  "_method" => "PUT"
  "_http_referrer" => "http://0.0.0.0:8000/admin/user"
  "name" => "Gert"
  "email" => "gert@email.com"
  "password" => null
  "password_confirmation" => null
  "roles" => array:1 [▶]
  "roles_show" => array:1 [▶]
  "permissions" => null
  "id" => "2"
  "_save_action" => "save_and_back"
]

What is strange is why this query is being run at all? (the password is the only field that should not be updated, as it was left blank):

image

promatik commented 7 months ago

Hey @gvanto! You can try to clone demo to your local machine and try this, locally it will work as expected.

I tried our demo (locally) and everything works as expected.

image The password is sent as empty, but it's not updated.

My guess is maybe you're not using ConvertEmptyStringsToNull middleware, or maybe there's a mutator for the password in your model. Can you share with us your user controller and model?

I'll close this issue for now, but please feel free to leave us your questions and keep us up to date 🙌