Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error when admin attempting to set password on new user #3487

narration-sd opened this issue Nov 21, 2018 · 2 comments


None yet
2 participants
Copy link

commented Nov 21, 2018


Attempt to set password pseudo-logged-in as new user failed with 'unknown error'
(no email on this vm, so needed to do this for tests)

Steps to reproduce

  1. As primary site admin, create a new user
  2. 'Log in' as the new user via the right-hand midscreen menu
  3. Go to the user in Users, give it Admin privileges
  4. Enter a password, leaaving require again on login unchecked
  5. Attempt to Save
  6. Get asked in a mini-dialog for 'your' password
  7. Enter the original admin's password
  8. Get an 'unknown error', and the password mini-dialog stays up
  9. Log says:
2018-11-21 13:40:48 [-][20][-][error][yii\base\InvalidArgumentException] yii\base\InvalidArgumentException: Hash is invalid. in /home/vagrant/lv-demo_html/vendor/yiisoft/yii2/base/Security.php:651
Stack trace:
#0 /home/vagrant/lv-demo_html/vendor/craftcms/cms/src/web/User.php(302): yii\base\Security->validatePassword('dfu0iaehCh6qr^b...', NULL)
#1 /home/vagrant/lv-demo_html/vendor/craftcms/cms/src/controllers/UsersController.php(235): craft\web\User->startElevatedSession('dfu0iaehCh6qr^b...')
#2 [internal function]: craft\controllers\UsersController->actionStartElevatedSession()
#3 /home/vagrant/lv-demo_html/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
#4 /home/vagrant/lv-demo_html/vendor/yiisoft/yii2/base/Controller.php(157): yii\base\InlineAction->runWithParams(Array)
#5 /home/vagrant/lv-demo_html/vendor/craftcms/cms/src/web/Controller.php(104): yii\base\Controller->runAction('start-elevated-...', Array)
#6 /home/vagrant/lv-demo_html/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('start-elevated-...', Array)



Additional info

PHP version 7.1.20
Database driver & version MySQL 5.7.23
Image driver & version GD 7.1.20
Craft edition & version Craft Pro 3.0.32
Yii version
Twig version 2.5.0
Guzzle version 6.3.3
Imagine version 0.7-dev
Asset Rev 6.0.2
CraftQL dev-master
Element API 2.5.4
Live Vue v0.9.50
Redactor 2.1.6


This comment has been minimized.

Copy link

commented Nov 24, 2018

This was happening because the impersonated user account didn’t have a password yet, and Craft was expecting you to enter their password at this prompt.

If Craft knows you are impersonating another user, it should probably be asking for the original user’s password here, not the impersonated user’s password.


This comment has been minimized.

Copy link
Contributor Author

commented Nov 24, 2018

Thanks -- and yes, as you'll recognize, there's a Catch-22 if it isn't the original user's password, because the new guy you're impersonating doesn't actually have a password yet....

I went back and verified that I'd tried this, in the usual permutative programming ways ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.