Suitecrm: When editing an existing user you must always reenter (twice) the password

Hi @amariussi I've tested this functionality within a fresh 7.11.2 install and I'm not experiencing the issue where the password entry is required on every save of the user. I can make modifications to the users' settings/fields without being prompted to re-enter the password. Is the password field on your CRM set to required or not? I assume this is an upgrade and not a fresh 7.11.2 install?

Hi @willrennie I will test it again more thoroughly. For the time being I tried first on an upgrade from 7.11.0 and then on a fresh install of 7.11.2
Please allow me a few days and I will come back with more info.

I tested it again on the same fresh install.
Each time the Admin user tries to modify some variable of any existing user I get a pop-up prompting for a new password (see image):

"Is the password field on your CRM set to required or not?"

I am not sure I understand this question. I can't find any place where to set the password as a required field.

Here is a screenshot of the password management form:

Maybe you are referring to the password field definition in Studio. Here is a screenshot of the password field in Studio and you can see that it is not a required field:

I will try to install another test instance on another machine and will report back.

Confirmed in a fresh install of 7.11.1 and now upgraded to 7.11.2. When editing the user profile, the password is always assumed to have been changed in the edit - even when the password tab has not been displayed.

Can confirm the behaviour on 7.11.2

When I change a setting in my profile, I have to go to Password tab and re-enter my password and then again to confirm.

Yep, I can confirm this bug also exists in 7.9.17. (I'm not sure if it existed in 7.9.4, the previous version we were on). It'd be great to have a fix for this, it's a problem for some of our users (you're not able to edit your own user account because of it).

@willrennie one important detail for reproducing this bug: You need to have your browser (Chrome-specific issue, maybe?) store your user password, otherwise it won't happen. It will then autofill the "Current Password" field without the user knowing, which is what causes this issue.

Aha, if I delete the password, after modifying my profile, it saves without the password prompt.... I was today year's old when I learned this trick!

This file seems relevant: https://github.com/salesagility/SuiteCRM/blob/27e4e186b645b59dba48b72d0cb78ae045f8f375/jssource/src_files/modules/Users/PasswordRequirementBox.js

This bit in particular is important:

https://github.com/salesagility/SuiteCRM/blob/27e4e186b645b59dba48b72d0cb78ae045f8f375/jssource/src_files/modules/Users/PasswordRequirementBox.js#L55-L59

Which causes the set_password function to trigger if the value is set to true:

https://github.com/salesagility/SuiteCRM/blob/27e4e186b645b59dba48b72d0cb78ae045f8f375/jssource/src_files/modules/Users/PasswordRequirementBox.js#L61-L62

I guess we need to not set the value for password_change to true when the tab hasn't been / isn't currently displayed.

The change that fixed this for us was changing this line in PasswordRequirementBox.js:

- if ((new_pwd != "" || confirm_pwd.value != "" || (document.getElementById('page') && document.getElementById('page').value == "Change"))) {
+ if ((new_pwd != "" || confirm_pwd.value != "" || (document.getElementById('page') && document.getElementById('page').value == "Change")) && old_pwd != "") {

Note you have to "Repair Compressed JS" in the Admin panel to get the change to propagate.