Role changes by admin require password user #1866

New Issue

OVERLORD · 2026-02-05T02:05:05+03:00

OVERLORD commented

2026-02-05 02:05:05 +03:00

Originally created by @stonemaker01 on GitHub (Sep 24, 2020).

While i was upgrading users roles, i was forced to confirm the password. As admin i should not hold users passwords. Upgrading an user with new role, should be done without confirming the password.
Actually, the settings page does not ask for the password, but wont allow me to safe the changes, without this confirmation.
Anybody an idea how to solve?

Originally created by @stonemaker01 on GitHub (Sep 24, 2020). While i was upgrading users roles, i was forced to confirm the password. As admin i should not hold users passwords. Upgrading an user with new role, should be done without confirming the password. Actually, the settings page does not ask for the password, but wont allow me to safe the changes, without this confirmation. Anybody an idea how to solve?

OVERLORD closed this issue

2026-02-05 02:05:09 +03:00

OVERLORD commented

2026-02-05 02:05:14 +03:00

@ssddanbrown commented on GitHub (Sep 26, 2020):

Hi @stonemaker01,
Are you sure this is the case? The functionality is there in the event an admin needs to force change a password.
You should be able to change other details and leave the password fields empty to update the record without password change.
I have just tested this and it seems to work as expected.

@ssddanbrown commented on GitHub (Sep 26, 2020): Hi @stonemaker01, Are you sure this is the case? The functionality is there in the event an admin needs to force change a password. You should be able to change other details and leave the password fields empty to update the record without password change. I have just tested this and it seems to work as expected.

OVERLORD commented

2026-02-05 02:05:17 +03:00

@stonemaker01 commented on GitHub (Sep 26, 2020):

Hello sir,
I have done the change again reversed, and same issue appeared. Confirm the
password of that particular user.
I was suprised myself too.

Op za 26 sep. 2020 12:07 schreef Dan Brown notifications@github.com:

Hi @stonemaker01 https://github.com/stonemaker01,
Are you sure this is the case? The functionality is there in the event an
admin needs to force change a password.
You should be able to change other details and leave the password fields
empty to update the record without password change.
I have just tested this and it seems to work as expected.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699473915,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AQ5XHBJFLACMLUIY5HZTMLLSHW4M7ANCNFSM4RYAIJLQ
.

@stonemaker01 commented on GitHub (Sep 26, 2020): Hello sir, I have done the change again reversed, and same issue appeared. Confirm the password of that particular user. I was suprised myself too. Op za 26 sep. 2020 12:07 schreef Dan Brown <notifications@github.com>: > Hi @stonemaker01 <https://github.com/stonemaker01>, > Are you sure this is the case? The functionality is there in the event an > admin needs to force change a password. > You should be able to change other details and leave the password fields > empty to update the record without password change. > I have just tested this and it seems to work as expected. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699473915>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AQ5XHBJFLACMLUIY5HZTMLLSHW4M7ANCNFSM4RYAIJLQ> > . >

OVERLORD commented

2026-02-05 02:05:20 +03:00

@ssddanbrown commented on GitHub (Sep 26, 2020):

Okay, Before you press "Save" or "Update" when making changes to a profile, Is there any content within either of the password inputs? Or are they empty?

@ssddanbrown commented on GitHub (Sep 26, 2020): Okay, Before you press "Save" or "Update" when making changes to a profile, Is there any content within either of the password inputs? Or are they empty?

OVERLORD commented

2026-02-05 02:05:24 +03:00

@stonemaker01 commented on GitHub (Sep 26, 2020):

It is empty.

Op za 26 sep. 2020 13:44 schreef Dan Brown notifications@github.com:

Okay, Before you press "Save" or "Update" when making changes to a
profile, Is there any content within either of the password inputs? Or are
they empty?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699484540,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AQ5XHBP5A4VNFOYZQFFOXTDSHXH23ANCNFSM4RYAIJLQ
.

@stonemaker01 commented on GitHub (Sep 26, 2020): It is empty. Op za 26 sep. 2020 13:44 schreef Dan Brown <notifications@github.com>: > Okay, Before you press "Save" or "Update" when making changes to a > profile, Is there any content within either of the password inputs? Or are > they empty? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699484540>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AQ5XHBP5A4VNFOYZQFFOXTDSHXH23ANCNFSM4RYAIJLQ> > . >

OVERLORD commented

2026-02-05 02:05:26 +03:00

@ssddanbrown commented on GitHub (Sep 26, 2020):

Okay, Strange.

And on the settings page, What version of BookStack is shown?

@ssddanbrown commented on GitHub (Sep 26, 2020): Okay, Strange. And on the settings page, What version of BookStack is shown?

OVERLORD commented

2026-02-05 02:05:29 +03:00

@stonemaker01 commented on GitHub (Sep 26, 2020):

That is 0.30.0
I have not tried the same route in previous version.

Op za 26 sep. 2020 13:47 schreef Dan Brown notifications@github.com:

Okay, Strange.

And on the settings page, What version of BookStack is shown?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699484823,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AQ5XHBMPLERCXZCT2OYNFBTSHXIGNANCNFSM4RYAIJLQ
.

@stonemaker01 commented on GitHub (Sep 26, 2020): That is 0.30.0 I have not tried the same route in previous version. Op za 26 sep. 2020 13:47 schreef Dan Brown <notifications@github.com>: > Okay, Strange. > > And on the settings page, What version of BookStack is shown? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699484823>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AQ5XHBMPLERCXZCT2OYNFBTSHXIGNANCNFSM4RYAIJLQ> > . >

OVERLORD commented

2026-02-05 02:05:31 +03:00

@stonemaker01 commented on GitHub (Sep 30, 2020):

Hi. I noticed a difference:
Once an useraccount has a password dashed in the first block, any
adjustment in the user settings must be confirmed by a password in the
second block.
When there is no password in the first block, i can change anything in the
settings of the account.

There is somewhere an dependence build in, when passwords are set manually.

Op za 26 sep. 2020 13:47 schreef Dan Brown notifications@github.com:

Okay, Strange.

And on the settings page, What version of BookStack is shown?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699484823,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AQ5XHBMPLERCXZCT2OYNFBTSHXIGNANCNFSM4RYAIJLQ
.

@stonemaker01 commented on GitHub (Sep 30, 2020): Hi. I noticed a difference: Once an useraccount has a password dashed in the first block, any adjustment in the user settings must be confirmed by a password in the second block. When there is no password in the first block, i can change anything in the settings of the account. There is somewhere an dependence build in, when passwords are set manually. Op za 26 sep. 2020 13:47 schreef Dan Brown <notifications@github.com>: > Okay, Strange. > > And on the settings page, What version of BookStack is shown? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/2276#issuecomment-699484823>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AQ5XHBMPLERCXZCT2OYNFBTSHXIGNANCNFSM4RYAIJLQ> > . >

OVERLORD commented

2026-02-05 02:05:34 +03:00

@ssddanbrown commented on GitHub (Sep 30, 2020):

@stonemaker01 Yes, that is intentional, The second input is a confirmation block that is required to match the first input. This logic will only run if a new value is provided in the first input, otherwise the system will assume no changes need to be made to passwords at all.

@ssddanbrown commented on GitHub (Sep 30, 2020): @stonemaker01 Yes, that is intentional, The second input is a confirmation block that is required to match the first input. This logic will only run if a new value is provided in the first input, otherwise the system will assume no changes need to be made to passwords at all.

OVERLORD commented

2026-02-05 02:05:36 +03:00

@ssddanbrown commented on GitHub (Jan 16, 2021):

Since the issue was not confirmed here I'll close this off.

@ssddanbrown commented on GitHub (Jan 16, 2021): Since the issue was not confirmed here I'll close this off.

OVERLORD referenced this issue

2026-02-05 10:20:14 +03:00

[PR #1866] [MERGED] Auth service alignment #5912

Sign in to join this conversation.