User edit: Default empty password behavior

[gvanto]

Bug report

What I did:

Left password empty and tried saving user.

What I expected to happen:

Ignores the password entirely (ie dont try and update it. If I am editing a user I don't necessarily want to update their password)

What happened:

Error thrown:

Backpack, Laravel, PHP, DB version:

BP/Crud 6.4, Lara 10.x, MySQL 5.7

[pxpm]

Hey there.

I could not reproduce your use case. Can you reproduce it in our online demo ?

Cheers

[gvanto]

Hi @pxpm

Ok I tried the online demo but it says "user editing is disable for demo" so maybe that's why it's not throwing the same error?

[gvanto]

It seems that the password validation is "confirmed": https://github.com/Laravel-Backpack/PermissionManager/blob/main/src/app/Http/Requests/UserUpdateCrudRequest.php#L32

Should it not also be "nullable" if it's optional (as the case with updating a user?): https://laravel.com/docs/10.x/validation#a-note-on-optional-fields

Similar issue:
https://laracasts.com/discuss/channels/laravel/how-to-validate-password-in-update

[gvanto]

Actually I'm thinking this is not a validation issue ... as it doesn't come up with form validation error.

It's almost as if the empty string (password + confirm) are not being converted to null (I've checked though and the ConvertEmptyStringsToNull middleware is in the call stack on the error page)

Very strange, let me investigate some more ...

[gvanto]

Ok found the issue, had 'password' in my $fillable array on my User model (needed in other places) which was causing the issue ... sorry for that and thanks again for your help @pxpm

[gvanto]

Ok found the issue, had 'password' in my $fillable array on my User model (needed in other places) which was causing the issue ... sorry for that and thanks again for your help @pxpm

This wasn't the issue ('password' should be fillable on the User model: https://github.com/laravel/laravel/blob/10.x/app/Models/User.php#L23 )

So I'm still facing this same issue. On leaving the password empty, the error is thrown as per the first post ...(password not nullable).

When I output the request's contents: (in UpdateOperation > update()):
The password and password_confirmation are null (as expected).

array:12 [▼ // vendor/backpack/crud/src/app/Http/Controllers/Operations/UpdateOperation.php:91
  "_token" => "X7YFNVKS0vSBdWirYZgk3A2fNRQktOFn6NKqPFSi"
  "_method" => "PUT"
  "_http_referrer" => "http://0.0.0.0:8000/admin/user"
  "name" => "Gert"
  "email" => "[email protected]"
  "password" => null
  "password_confirmation" => null
  "roles" => array:1 [▶]
  "roles_show" => array:1 [▶]
  "permissions" => null
  "id" => "2"
  "_save_action" => "save_and_back"
]

What is strange is why this query is being run at all? (the password is the only field that should not be updated, as it was left blank):

[promatik]

Hey @gvanto!
You can try to clone demo to your local machine and try this, locally it will work as expected.

I tried our demo (locally) and everything works as expected.

The password is sent as empty, but it's not updated.

My guess is maybe you're not using ConvertEmptyStringsToNull middleware, or maybe there's a mutator for the password in your model. Can you share with us your user controller and model?

I'll close this issue for now, but please feel free to leave us your questions and keep us up to date 🙌