Remote api: Combination of mailquota_get_by_user() and mail_user_update() rehashes password.
I load users with mailquota_get_by_user(), update some of their settings, and then save them one by one with mail_user_update()
Expected result: Only changed settings are updated.
Actual result: Along with changed settings, password is rehashed and user cannot log in.
Workaround: unset the password.
Proposal 1: Stop returning hashed password. I can not see why anyone should need it in the first place.
Proposal 2: Check by regex if 'updated' password is already hashed, or same as the hash in database, do not update password if it is.