Use helper for existence check. Avoid panic by fetching default values for field data

builtin/credential/userpass/path_users.go

@@ -60,12 +60,12 @@ func (b *backend) userExistenceCheck(req *logical.Request, data *framework.Field
 		return false, fmt.Errorf("missing username")
 	}
 
-	entry, err := req.Storage.Get("user/" + strings.ToLower(username))
+	userEntry, err := b.user(req.Storage, username)
 	if err != nil {
 		return false, err
 	}
 
-	return entry != nil, nil
+	return userEntry != nil, nil
 }
 
 func (b *backend) user(s logical.Storage, n string) (*UserEntry, error) {
@@ -150,11 +150,11 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 		userEntry.Policies = policies
 	}
 
-	ttlStrRaw, ttlSet := d.GetOk("ttl")
+	_, ttlSet := d.GetOk("ttl")
-	maxTTLStrRaw, maxTTLSet := d.GetOk("max_ttl")
+	_, maxTTLSet := d.GetOk("max_ttl")
 	if ttlSet || maxTTLSet {
-		ttlStr := ttlStrRaw.(string)
+		ttlStr := d.Get("ttl").(string)
-		maxTTLStr := maxTTLStrRaw.(string)
+		maxTTLStr := d.Get("max_ttl").(string)
 		userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr)
 		if err != nil {
 			return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil

website/source/docs/auth/userpass.html.md

@@ -102,6 +102,7 @@ necessary.
   <dt>Description</dt>
   <dd>
       Create a new user or update an existing user.
+      This path honors the distinction between the `create` and `update` capabilities inside ACL policies.
   </dd>
 
   <dt>Method</dt>