XF 2.2 Error updating Super admin password update with REST api


New member
So the problem: cannot change user password true REST API if the user is Supper Administrator (don't know about simple admin or moderator)

how to reproduce
1) Create API key with full access (login with this dummy user as admin)
2) Create dummy user -> make him a supper administrator
3) use REST API with a key that you created in step 1 (I use POSTMAN and I can update passwords this way only in this case its a fail)
POST: (endpoint api/users/dummyUserID)
password: new_dummy_user_pasw
4) if you try to login as admin with the new password that you set in step 3 your log in is denied! But if you try the same password from step 1 it's all good

The rest API answers with ["success": true,] when I'm trying to update super admin pasw, but it does not change because I did check it in the database
SELECT * FROM xf_user_authenticate where user_id = dummy_user_id no changes after step 4

If you remove the super admin status to the dummy user it's all good and rest API can update your password!

HELP!!! - Tnx
The solution is to make your own plugin and rewrite the function, a bit hacky but in my case, this will do!


namespace Your\Plugin\XF\Api\ControllerPlugin;

class User extends XFCP_User
    public function userSaveProcessAdmin(\XF\Entity\User $user)
        if (($user->is_super_admin || $user->is_admin) && $user->user_id !== 1) {
            $password = $this->filter('password', 'str');
            if (strlen($password)) {
                /** @var \XF\Entity\UserAuth $auth */
                $auth = $user->getRelationOrDefault('Auth');
                $this->formAction()->complete(function () use ($user) {

        return parent::userSaveProcessAdmin($user);
Last edited:
Top Bottom