Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-13514

The update user REST API operation updates non-specified properties

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 4.16.0
    • Fix Version/s: None
    • Component/s: REST API
    • Labels:
      None

      Description

      The update user REST API operation updates non-specified properties. Specifically, it defaults certain properties if they are not given a value.

      For example, image this starting point:

      {
        "name": "paco",
        "email": "paco@paco.com",
        "admin": true,
        "profileUpdatable": true,
        "internalPasswordDisabled": false,
        "lastLoggedInMillis": 0,
        "offlineMode": false
      }
      

      Then perform this operation:

      curl -XPOST -u admin:password http://localhost:8081/artifactory/api/security/users/pac -H "Content-Type: application/json" -d '{"email": "paco@foo.com"}'
      

      Notice the result:

      {
        "name": "paco",
        "email": "paco@foo.com",
        "admin": false,
        "profileUpdatable": true,
        "internalPasswordDisabled": false,
        "lastLoggedInMillis": 0,
        "offlineMode": false
      }
      

      The user is no longer an administrator. To avoid this, it is possible to perform GET, POST update with all the content but this is also problematic as some of those properties may have changed in between the calls.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              arturoa Arturo Aparicio
            • Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: