Contrib.social

AJAX error when password field is hidden

Open on Drupal.org →
Created on 22 April 2024, 12 months ago

Problem/Motivation

When using this module in combination with another module that hides the password field for certain users we occasionally see the following error in our logs.

Drupal\Core\Ajax\AjaxResponse::setAttachments(): Argument #1 ($attachments) must be of type array, null given, called in /app/web/core/lib/Drupal/Core/Render/MainContent/AjaxRenderer.php on line 67

Investigating it I found that this module is the only thing on the user edit screen that was adding AJAX - it adds the AJAX callback to the roles element.

For the user where the issue is being triggered they do not see the password field or password policy - they are a user linked via the openid connect module which correctly hides the password field from the user.

This module then correctly hides the the password policy based on the password being hidden in an after build function https://git.drupalcode.org/project/password_policy/-/blob/4.0.1/password...

It appears something goes wrong with the AJAX remaining in place on the roles element with the password policy status element not rendered.

It looked at unsetting the #ajax key at the point where the policy element has been hidden, but unfortunately its not that simple as the ajax has been processed by then, meaning it has been added to each role option element - potentially messy and possible to go through and "undo" but not particularly stable.

Steps to reproduce

  1. Enable this module and set a policy that shows for all authenticated users
  2. Hide the pass field on the user account via a form alter in another module
  3. Edit the user account and change the roles
  4. Log message of the type error will be visible in the logs

Proposed resolution

It would be ideal if the AJAX callbacks were only added if the field is visible - but this didn't look that straight forward to remove in an after build since the element itself has been processed.

Remaining tasks

  1. Come up with solution
  2. Implement
  3. Test
  4. Commit

User interface changes

N/A

API changes

N/A

Data model changes

N/A

🐛 Bug report
Status

Active

Version

4.0

Component

Code

Created by

🇳🇿New Zealand ericgsmith

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @ericgsmith
  • Comment 12 months ago
    🇳🇿New Zealand ericgsmith

    The patch from 2779485 🐛 Ajax breaks password reset Postponed: needs info works to hide the error at least, but still leaves AJAX in place. I think 2779485 started off as a different issue however since comment 5 and 6 perhaps they are experiencing this issue.

  • Comment 12 months ago
    🇳🇿New Zealand ericgsmith
  • Merge request !79Draft: Issue #3442714: AJAX error when password field is hidden → (Open) created by ericgsmith
  • Pipeline finished with Success
    12 months ago
    Total: 176s
    #153788
  • Comment 8 months ago
    🇦🇺Australia mingsong 🇦🇺

    We came across this issue too.

    I suggest another approach to avoid this error.

    Since the password field is hidden, the password constraints table should not be render at all.

    So I suggest the following change 

    $password_mutable = $form['account']['pass']['#access'] ?? TRUE;
  // Load form if relevant and password is mutable.
  if (\Drupal::service('password_policy.validation_manager')->tableShouldBeVisible() && $password_mutable) {
  • Merge request !87Issue #3442714 by ericgsmith, Mingsong: AJAX error when password field is hidden → (Open) created by mingsong
  • Comment 8 months ago
    🇦🇺Australia mingsong 🇦🇺

    The patch from MR !87 for local test.

  • Pipeline finished with Failed
    8 months ago
    Total: 227s
    #234356
  • Comment 8 months ago
    🇦🇺Australia mingsong 🇦🇺
  • Status changed to Needs review 8 months ago
  • Comment 8 months ago
    🇦🇺Australia mingsong 🇦🇺
  • First commit to issue fork.
  • Comment 8 months ago
    🇮🇳India ankitv18

    ankitv18 changed the visibility of the branch 3442714-ajax-error-when to hidden.

  • Pipeline finished with Success
    8 months ago
    Total: 170s
    #239361
  • Comment 10 days ago
    🇨🇭Switzerland tcrawford

    We have the same symptom, but a slightly different cause and therefore MR87 does not work for us.
    In our case, we have a custom form mode and $form['account']['pass'] is not set at all. Therefore, the check falsely identifies the password as being mutable.

    $password_mutable = $form['account']['pass']['#access'] ?? TRUE;

    I would suggest the check could be changed to the following, where we check if the pass field is even present and if so check the access to that. I would also reverse the order of the and as it is less expensive that way.

      $password_mutable = (isset($form['account']['pass']) && ($form['account']['pass']['#access'] ?? TRUE));

  // Load form if relevant.
  if ($password_mutable && \Drupal::service('password_policy.validation_manager')->tableShouldBeVisible()) {

    The check also needs to be added to check if validation should run (otherwise we just don't show the table rows, but validation will still catch us). That possibly should be though in the PasswordPolicyValidationManager.

    if ($password_mutable && \Drupal::service('password_policy.validation_manager')->validationShouldRun()) {
    $form['#validate'][] = '_password_policy_user_profile_form_validate';
    $form['#after_build'][] = '_password_policy_user_profile_form_after_build';
  }
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024