Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-13514

The update user REST API operation updates non-specified properties

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 4.16.0
    • Fix Version/s: None
    • Component/s: REST API
    • Labels:
      None

      Description

      The update user REST API operation updates non-specified properties. Specifically, it defaults certain properties if they are not given a value.

      For example, image this starting point:

      {
        "name": "paco",
        "email": "paco@paco.com",
        "admin": true,
        "profileUpdatable": true,
        "internalPasswordDisabled": false,
        "lastLoggedInMillis": 0,
        "offlineMode": false
      }
      

      Then perform this operation:

      curl -XPOST -u admin:password http://localhost:8081/artifactory/api/security/users/pac -H "Content-Type: application/json" -d '{"email": "paco@foo.com"}'
      

      Notice the result:

      {
        "name": "paco",
        "email": "paco@foo.com",
        "admin": false,
        "profileUpdatable": true,
        "internalPasswordDisabled": false,
        "lastLoggedInMillis": 0,
        "offlineMode": false
      }
      

      The user is no longer an administrator. To avoid this, it is possible to perform GET, POST update with all the content but this is also problematic as some of those properties may have changed in between the calls.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            arturoa Arturo Aparicio
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: