CakePHP在用户升级后自动更改密码

I have following constellation:

Table `users`
Table `profiles`

The profiles table is matched in the User-Model with hasOne and in Profile-Model to users with belongsTo.

Registration, login, everything works fine. After the first login, the user has to create a profiles entry with additional data. Also uploading a user image. The image-path is stored in the users table.

ProfilesController.php

public function add() {
    $profile = $this->Profile->find('count', array('recusrive'=>-1, 'conditions'=>array('Profile.user_id'=>$this->Auth->user('id'))));
    if($profile > 0) {
        debug("error 1"); exit;
    }

    if ($this->request->is('post')) {

        // move tmp image to uploads folder
        // ... code with uploading image

        // create profile
        $this->Profile->create();

        // unset uploaded picture
        $profile_image = $this->request->data['User']['image']['name'];
        unset($this->request->data['User']);

        // prepare data to save
        $profileSafeData = array();
        $profileSafeData['Profile'] = $this->request->data['Profile'];

        if(!$this->Profile->save($profileSafeData)) {
            debug("error 2"); exit;
        }
        // works correctly, profile created.

        // save image to user
        $this->loadModel('User');
        $user = $this->User->find('first', array('conditions'=>array('User.id'=>$this->Auth->user('id')), 'recursive'=>-1));
        $user['User']['image'] = $profile_image;

        if($this->User->save($user)) { // *** here *** comes the problem. the users password changes after this save.
            $this->Session->setFlash(__('Congratulations! Your profile has been created.'), 'flash/success');

            // update new session data
            $this->Session->write('Auth', $this->User->read(null, $this->Auth->User('id')));

            $this->redirect(array('action' => 'view'));
        } else {
            return $this->Session->setFlash(__('Profile image could not be added to your user'), 'flash/error');
        }
    }

In the last user find('first') you are including all fields.

The password is being read from the database, so its being included in the save() and being encrypted a second time.

Solution:

Just add fields option to the find('first') or unset the password index from the $user array.

$user = $this->User->find('first', array(
    'conditions'=>array('User.id'=>$this->Auth->user('id')), 
    'recursive'=>-1
    'fields' => array('id','image')
));