Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

password field has empty value when using update operation

See original GitHub issue

Bug report

What I did

Created a field in the CrudController with type = password. Created a new entry, field works fine. When I then edit that new entry the password field is empty (no value is set for the input element).

What I expected to happen

I expected to have the ability to update the password or just save the current password when another property is modified.

What happened

The password property is cleared unless I re-type it.

What I’ve already tried to fix it

Changed the field type to text, then the update works fine but the password is visible which is not what I want.

If this is intended behavior, is there a way to mask the input contents when using a text field?

Backpack, Laravel, PHP, DB version

When I run php artisan backpack:version the output is:

### PHP VERSION:
PHP 7.4.9 (cli) (built: Oct 26 2020 15:17:14) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.9, Copyright (c), by Zend Technologies

### LARAVEL VERSION:
v8.32.1@7c37b64f8153c16b6406f5c28cf37828ebbe8846

### BACKPACK VERSION:
4.1.40@ecbe7676535d3c9121227329d62cad9978d29fee

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (1 by maintainers)

github_iconTop GitHub Comments

2reactions
malle-pietjecommented, Apr 15, 2021

Thanks for the tips! Yes, in our application we often store credentials that are used to interact with external APIs, such as Mailchimp. Currently we do it like this with a reveal/hide button: image

I’ll follow your suggestions and create a custom field (e.g. password_updateable) and share that with the community when done and tested.

1reaction
tabacitucommented, Apr 15, 2021

That’s correct @malle-pietje - that’s the intended behaviour for the password field type. And the reason is that 99% of the times, the password is hashed before being stored in the DB. And it cannot be un-hashed - it’s one-way encryption. And the other 1% should probably hash it too 😂

But yeah… if the user has set his password to 12345abcde it is no use to populate the password field with 8ahfs0sa8hfs01hf9su1h9fshf971h39fh197fh97h (the hash). The user doesn’t have to only type one character to change a password, they have to type the entire password again (or a new one), because the system does not know the password he set, the system only knows the hash for that password.

This is more difficult to explain than I expected, let me know if I’m not making myself clear 😂

But yeah, it’s the expected behaviour. Check out the code inside our PermissionManager addon or the simpler UserManager addon - both of them use what is considered “best practice” at the moment:

  • when editing an entry, the password field is empty
  • if filled in, then the password will be changed
  • if left alone (empty), the password stays the same

For visible API keys and such… hmm that’s interesting. If the string is indeed not hashed and can be edited, I guess a good solution would be to create a custom field type starting from the text field. Personally I would just add a button at the end, that would do some quick JS, and by that I mean toggle the readonly and type attributes on the input (type=text to type=password). That way, the user would by default see it hidden (since type=password) but if they want they’d click a box and the input would become type=text and editable and they’d be able to do change it. I don’t see a way around this JS functionality to be honest, asking/allowing a user to change a password or key when only seeing ***** would be counter-intuitive and for sure lead to problems.

If you end up creating this new field type, please post it here too, or even create an add-on for it - someone else might find it useful too.

Hope this helps. Cheers!

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to ignore the password field while updating if the field is ...
I am editing the admin details and it's working but I am getting one issue on password. My issue is If the password...
Read more >
How to not update some field if the value is null / '' / undefined
If I run the query below it will update the password to '' , how to not update the field if it is...
Read more >
Cannot update a field to an empty value
ANSWER: At the time of writing, you can update a textfield to an empty string, but you can not put a null value....
Read more >
update user: allow blank password - Laracasts
Although the two password fields can remain blank. In this case the mysql password field should not be updated. This is my Update...
Read more >
<input type="password"> - HTML: HyperText Markup Language
Value. The value attribute contains a string whose value is the current contents of the text editing control being used to enter the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[Bug] First Filter Appears and Won't Go Away When Selecting Any Other Filter

Next page

[Bug] CrudControllers with setFromDb() don't work with DBAL v3