I am using a User model based on the one found in the basic and advanced app that uses password_hash. I’m having trouble finding the best practice for dealing with the creation and updating of a user model when the password is not set directly. I have tried using scenarios as well as creating a specific UserCreate form and creating the User object inside that but both of these approaches seem off.
Looking for suggestions on how others have handled this.
IMO … best practices depend on a lot of things specific to your app and user requirements. If I understand correct, you do not want the user to set password during signup. For the Yii2 advanced app - you can set the password in the model this way:
// $user is the user model
$user->setPassword($attributes['password']);
Some more discussion on this in this discussion… in fact goes beyond the the topic of the discussion - to how models should be designed :-).