Bug: Updating user information empties password

[yoramdelangen]

Describe the bug If I want to comment or change the role(s) of a user (no matter if it's a root user or a normal database user), the password gets reset. Even though it should not "reset" the password field to an empty string. You can not login with an empty password string and therefore you brick your user.

I was able to detect what was happening via http and sniff the traffic (using Proxyman).

Important to note the PASSWORD "" in the request body.

Root user update request/response: Normal database user request/response:

To Reproduce Steps to reproduce the behavior:

1. Go to 'Authentication'
2. Click on a 'root' user (which has a password set) or create a new "Database user" with a password.
3. Verify if login with user, with a separate connection.
4. Update the user, select a role or add a comment and click on "save"
5. Try login with root or the database user and it will not be successful because the password was reset.

Expected behavior The form field states that when leaving empty the password will not be set.

Workaround/Solution to fix Current workaround I have found is start SurrealDB with the --allow-guests flag and change the password.

Environment:

Platform: Desktop
OS: Darwin
Architecture: x86_64
WebView: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko)
Version: 2.0.6
Flags: featureFlags: false, models_view: true, apidocs_view: true, themes: false, newsfeed: true

[macjuul]

Thank you for reporting this issue! This was caused by an oversight on my side, and should be rectified in the next release

My apologies for any inconvenience this may have caused