From 8dc6181de343f03fcc2dc56f94f2599bc5d477ce Mon Sep 17 00:00:00 2001
From: Master3395 <master3395@users.noreply.github.com>
Date: Sun, 21 Sep 2025 01:07:54 +0200
Subject: [PATCH] Refactor user password update logic: Only update password and
 token if a new password is provided. Update frontend to conditionally include
 password in the request data, improving user experience and data handling.
 Fix: https://github.com/usmannasir/cyberpanel/issues/1509

---
 userManagment/static/userManagment/userManagment.js |  6 +++++-
 userManagment/views.py                              | 10 ++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/userManagment/static/userManagment/userManagment.js b/userManagment/static/userManagment/userManagment.js
index 72c0adcce..3d3fe4054 100644
--- a/userManagment/static/userManagment/userManagment.js
+++ b/userManagment/static/userManagment/userManagment.js
@@ -305,11 +305,15 @@ app.controller('modifyUser', function ($scope, $http) {
             firstName: firstName,
             lastName: lastName,
             email: email,
-            passwordByPass: password,
             securityLevel: $scope.securityLevel,
             twofa: $scope.twofa
         };
 
+        // Only include password if it's provided and not empty
+        if (password && password.trim()) {
+            data.passwordByPass = password;
+        }
+
         var config = {
             headers: {
                 'X-CSRFToken': getCookie('csrftoken')
diff --git a/userManagment/views.py b/userManagment/views.py
index 11b07926e..0a95d49e6 100644
--- a/userManagment/views.py
+++ b/userManagment/views.py
@@ -408,14 +408,16 @@ def saveModifications(request):
                 json_data = json.dumps(data_ret)
                 return HttpResponse(json_data)
 
-            token = hashPassword.generateToken(accountUsername, data['passwordByPass'])
-            password = hashPassword.hash_password(data['passwordByPass'])
+            # Only update password if a new one is provided
+            if 'passwordByPass' in data and data['passwordByPass'] and data['passwordByPass'].strip():
+                token = hashPassword.generateToken(accountUsername, data['passwordByPass'])
+                password = hashPassword.hash_password(data['passwordByPass'])
+                user.password = password
+                user.token = token
 
             user.firstName = firstName
             user.lastName = lastName
             user.email = email
-            user.password = password
-            user.token = token
             user.type = 0
             user.twoFA = twofa