XF 2.2 Error updating Super admin password update with REST api

Artis

Artis

New member
So the problem: cannot change user password true REST API if the user is Supper Administrator (don't know about simple admin or moderator)

how to reproduce
1) Create API key with full access (login with this dummy user as admin)
2) Create dummy user -> make him a supper administrator
3) use REST API with a key that you created in step 1 (I use POSTMAN and I can update passwords this way only in this case its a fail)
POST: (endpoint api/users/dummyUserID)
POST DATA:
password: new_dummy_user_pasw
4) if you try to login as admin with the new password that you set in step 3 your log in is denied! But if you try the same password from step 1 it's all good



P.s
The rest API answers with ["success": true,] when I'm trying to update super admin pasw, but it does not change because I did check it in the database
SELECT * FROM xf_user_authenticate where user_id = dummy_user_id no changes after step 4

If you remove the super admin status to the dummy user it's all good and rest API can update your password!

HELP!!! - Tnx
 
Sort by date Sort by votes
The solution is to make your own plugin and rewrite the function, a bit hacky but in my case, this will do!

PHP: 
<?php

namespace Your\Plugin\XF\Api\ControllerPlugin;

class User extends XFCP_User
{
    public function userSaveProcessAdmin(\XF\Entity\User $user)
    {
        if (($user->is_super_admin || $user->is_admin) && $user->user_id !== 1) {
            $password = $this->filter('password', 'str');
            if (strlen($password)) {
                /** @var \XF\Entity\UserAuth $auth */
                $auth = $user->getRelationOrDefault('Auth');
                $auth->setPassword($password);
                $this->formAction()->complete(function () use ($user) {
                    $this->repository('XF:UserRemember')->clearUserRememberRecords($user->user_id);
                });
            }
        }

        return parent::userSaveProcessAdmin($user);
    }
}
 
Last edited:
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Cylon
XF 2.2 Confused about the user profile and permissions returned by the rest api
Replies
8
Views
1K
Cylon
Cylon
emiya
XF 2.1 Possible to promote an user via API?
Replies
1
Views
581
Mike
Mike
S
  • Question Question
Xenforo 2 - Tagging and Rest API
Replies
1
Views
891
Chris D
Chris D
Top Bottom