XF 2.2 Error updating Super admin password update with REST api

Artis

New member
So the problem: cannot change user password true REST API if the user is Supper Administrator (don't know about simple admin or moderator)

how to reproduce
1) Create API key with full access (login with this dummy user as admin)
2) Create dummy user -> make him a supper administrator
3) use REST API with a key that you created in step 1 (I use POSTMAN and I can update passwords this way only in this case its a fail)
POST: (endpoint api/users/dummyUserID)
POST DATA:
password: new_dummy_user_pasw
4) if you try to login as admin with the new password that you set in step 3 your log in is denied! But if you try the same password from step 1 it's all good



P.s
The rest API answers with ["success": true,] when I'm trying to update super admin pasw, but it does not change because I did check it in the database
SELECT * FROM xf_user_authenticate where user_id = dummy_user_id no changes after step 4

If you remove the super admin status to the dummy user it's all good and rest API can update your password!

HELP!!! - Tnx
 

Artis

New member
The solution is to make your own plugin and rewrite the function, a bit hacky but in my case, this will do!

PHP:
<?php

namespace Your\Plugin\XF\Api\ControllerPlugin;

class User extends XFCP_User
{
    public function userSaveProcessAdmin(\XF\Entity\User $user)
    {
        if (($user->is_super_admin || $user->is_admin) && $user->user_id !== 1) {
            $password = $this->filter('password', 'str');
            if (strlen($password)) {
                /** @var \XF\Entity\UserAuth $auth */
                $auth = $user->getRelationOrDefault('Auth');
                $auth->setPassword($password);
                $this->formAction()->complete(function () use ($user) {
                    $this->repository('XF:UserRemember')->clearUserRememberRecords($user->user_id);
                });
            }
        }

        return parent::userSaveProcessAdmin($user);
    }
}
 
Last edited:
Top