diff --git a/assets/src/utils/auth.js b/assets/src/utils/auth.js
index 4bbd03b2..290b0ed3 100644
--- a/assets/src/utils/auth.js
+++ b/assets/src/utils/auth.js
@@ -8,6 +8,11 @@ function parseToken (token) {
   document.cookie = `auth=${token}; max-age=86400; path=${path}`
   let res = token.split('.')
   let user = JSON.parse(window.atob(res[1]))
+
+  if (!user.commands) {
+    user.commands = []
+  }
+
   store.commit('setJWT', token)
   store.commit('setUser', user)
 }
diff --git a/assets/src/views/settings/User.vue b/assets/src/views/settings/User.vue
index 6619e17b..562462cf 100644
--- a/assets/src/views/settings/User.vue
+++ b/assets/src/views/settings/User.vue
@@ -163,11 +163,14 @@ export default {
         this.lockPassword = user.lockPassword
         this.filesystem = user.filesystem
         this.username = user.username
-        this.commands = user.commands.join(' ')
         this.css = user.css
         this.permissions = user.permissions
         this.locale = user.locale
 
+        if (user.commands) {
+          this.commands = user.commands.join(' ')
+        }
+
         for (let rule of user.rules) {
           if (rule.allow) {
             this.rules += 'allow '
diff --git a/rice-box.go.REMOVED.git-id b/rice-box.go.REMOVED.git-id
deleted file mode 100644
index 8aefbb45..00000000
--- a/rice-box.go.REMOVED.git-id
+++ /dev/null
@@ -1 +0,0 @@
-88021017420cd941317b4af47937c56060e5b104
\ No newline at end of file