User Entity not calling _setPassword

Hi (again :slight_smile: ),

I’m now working through the Authentication section of the tutorial, CMS Tutorial - Authentication - 4.x

I’ve added the _setPassword function to User.php, but it is only being called for new users, not when I edit an existing user. Here’s my User.php file (with generated comments omitted):


namespace App\Model\Entity;

use Cake\ORM\Entity;
use Authentication\PasswordHasher\DefaultPasswordHasher;

class User extends Entity
    protected $_accessible = [
        'email' => true,
        'password' => true,
        'created' => true,
        'modified' => true,
        'articles' => true,

    protected $_hidden = [

    protected function _setPassword(string $password) : ?string
        if ( strlen($password) > 0 ) {
            $hashedPW = (new DefaultPasswordHasher())->hash($password);
            $this->Flash->success(__('Original password: {0}, hashed: {1}', $password, $hashedPW));
            return $hashedPW;
        $this->Flash->error('Original password is empty!');

Note that I’ve added a couple of Flash messages, which do not show up.

Did I miss something? How do I get the Entity to call _setPassword when saving an edit?

Oh! Figured it out. When editing I retyped the existing default password, which of course it detected as meaning “no change” so it didn’t call _setPassword().