From ad815eae20e79495e5548343d3a986f847f826f4 Mon Sep 17 00:00:00 2001
From: Jim Laurie <j.laurie6993@gmail.com>
Date: Thu, 14 Jun 2018 17:15:49 +0200
Subject: [PATCH 1/2] Fix reset password SQL fix #1351

---
 .../controllers/Auth.js                                | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index a70990e23a..68ba66a8b8 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -114,8 +114,11 @@ module.exports = {
 
       user.password =  await strapi.plugins['users-permissions'].services.user.hashPassword(params);
 
+      // Remove relations data to update user code.
+      const data = _.omit(user, strapi.plugins['users-permissions'].models.user.associations.map(ast => ast.alias));
+
       // Update the user.
-      await strapi.query('user', 'users-permissions').update(user);
+      await strapi.query('user', 'users-permissions').update(data);
 
       ctx.send({
         jwt: strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user.toJSON ? user.toJSON() : user, ['_id', 'id'])),
@@ -203,8 +206,11 @@ module.exports = {
       return ctx.badRequest(null, err);
     }
 
+    // Remove relations data to update user code.
+    const data = _.omit(user, strapi.plugins['users-permissions'].models.user.associations.map(ast => ast.alias));
+
     // Update the user.
-    await strapi.query('user', 'users-permissions').update(user);
+    await strapi.query('user', 'users-permissions').update(data);
 
     ctx.send({ ok: true });
   },

From 1c3e6a4664e37805f10ceb9667ff0349dd20e1aa Mon Sep 17 00:00:00 2001
From: Jim Laurie <j.laurie6993@gmail.com>
Date: Thu, 14 Jun 2018 17:20:45 +0200
Subject: [PATCH 2/2] Update comment on reset password

---
 packages/strapi-plugin-users-permissions/controllers/Auth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 68ba66a8b8..a97a9df50d 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -114,7 +114,7 @@ module.exports = {
 
       user.password =  await strapi.plugins['users-permissions'].services.user.hashPassword(params);
 
-      // Remove relations data to update user code.
+      // Remove relations data to update user password.
       const data = _.omit(user, strapi.plugins['users-permissions'].models.user.associations.map(ast => ast.alias));
 
       // Update the user.