server/AyaNova/biz/UserBiz.cs

@@ -385,13 +385,16 @@ namespace AyaNova.Biz
             putObject.Tags = TagBiz.NormalizeTags(putObject.Tags);
             putObject.CustomFields = JsonUtil.CompactJson(putObject.CustomFields);
 
-            //the salt is not sent with the put object, it's only location is in the db and since this putObject is replacing the dbObject
-            //we need to set it again here
+            //Fields not sent with the put object
+            //(it's only location is in the db and since this putObject is replacing the dbObject we need to set it again here)
             putObject.Salt = dbObject.Salt;
-            
-            var OriginalPW = dbObject.Password;
-            var OriginalLogin = dbObject.Login;
-            ct.Replace(dbObject, putObject);
+            putObject.CurrentAuthToken=dbObject.CurrentAuthToken;
+            putObject.DlKey=dbObject.DlKey;
+            putObject.DlKeyExpire=dbObject.DlKeyExpire;
+            putObject.PasswordResetCode=dbObject.PasswordResetCode;
+            putObject.PasswordResetCodeExpire=dbObject.PasswordResetCodeExpire;
+
+
             //NOTE: It's valid to call this without intending to change login or password (null values)
             //Is the user updating the password?
             if (!string.IsNullOrWhiteSpace(putObject.Password))
@@ -402,18 +405,18 @@ namespace AyaNova.Biz
             else
             {
                 //No, use the snapshot password value
-                putObject.Password = OriginalPW;               
+                putObject.Password = dbObject.Password;
             }
             //Updating login?
             if (string.IsNullOrWhiteSpace(putObject.Login))
             {
                 //No, use the original value
-                putObject.Login = OriginalLogin;
+                putObject.Login = dbObject.Login;
             }
 
             await ValidateAsync(putObject, dbObject);
             if (HasErrors) return null;
-
+            ct.Replace(dbObject, putObject);
             try
             {
                 await ct.SaveChangesAsync();

server/AyaNova/models/User.cs

@@ -56,26 +56,9 @@ namespace AyaNova.Models
         public bool Active { get; set; }
         [Required, MaxLength(255)]
         public string Name { get; set; }
-
         public DateTime? LastLogin { get; set; }
-
         public string Login { get; set; }
         public string Password { get; set; }
-
-        [JsonIgnore]
-        public string Salt { get; set; }
-        [JsonIgnore]
-        public string CurrentAuthToken { get; set; }
-        [JsonIgnore]
-        public string DlKey { get; set; }
-        [JsonIgnore]
-        public DateTime? DlKeyExpire { get; set; }
-
-        [JsonIgnore]
-        public string PasswordResetCode { get; set; }
-        [JsonIgnore]
-        public DateTime? PasswordResetCodeExpire { get; set; }
-
         [Required]
         public AuthorizationRoles Roles { get; set; }
         [Required]
@@ -88,9 +71,24 @@ namespace AyaNova.Models
         public long? VendorId { get; set; }
         public string Wiki { get; set; }
         public string CustomFields { get; set; }
-
         public List<string> Tags { get; set; }
 
+        //======================
+        //NOT IN DTUSER CLASS
+        [JsonIgnore]
+        public string Salt { get; set; }//---
+        [JsonIgnore]
+        public string CurrentAuthToken { get; set; }//---
+        [JsonIgnore]
+        public string DlKey { get; set; }//---
+        [JsonIgnore]
+        public DateTime? DlKeyExpire { get; set; }//---
+        [JsonIgnore]
+        public string PasswordResetCode { get; set; }//---
+        [JsonIgnore]
+        public DateTime? PasswordResetCodeExpire { get; set; }//---
+        //==========================
+
         //relations
         //https://docs.microsoft.com/en-us/ef/core/modeling/relationships#other-relationship-patterns
         [JsonIgnore]//hide from being returned (as null anyway) with User object in routes