Password is in expected array even if password is not updated

[creatoro]

The Auth driver's update_user() method says:

We make the assumption that if a user does not supply a password, that they do not wish to update their password.

But it doesn't remove the password from the exptected array, so it's not possible to update the user without setting a password. Also, the password field has an unnecessary rule.

[marcalj]

This doesn't solve the issue because when you set the extra validation doesn't overwrite old password field rules. So not_empty rule is active and validation fails if you doesn't send any password.

[creatoro]

This way validation will only fail if you try to update the password with an empty string. If you don't send password it won't execute the not_empty rule as the field is unchanged.

[marcalj]

Oh sorry I didn't test when I wrote the comment. It works perfect. I don't know why I need to use the hacky code I used... Now works perfect using:

$user->update_user($_POST, array('username', 'password', 'email'));