[RTFACT-13514] The update user REST API operation updates non-specified properties Created: 27/Jan/17  Updated: 15/Nov/17

Status: Open
Project: Artifactory Binary Repository
Component/s: REST API
Affects Version/s: 4.16.0
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Arturo Aparicio Assignee: Unassigned
Resolution: Unresolved Votes: 2
Labels: None


 Description   

The update user REST API operation updates non-specified properties. Specifically, it defaults certain properties if they are not given a value.

For example, imagine this starting point:

{
  "name": "paco",
  "email": "paco@paco.com",
  "admin": true,
  "profileUpdatable": true,
  "internalPasswordDisabled": false,
  "lastLoggedInMillis": 0,
  "offlineMode": false
}

Then perform this operation:

curl -XPOST -u admin:password http://localhost:8081/artifactory/api/security/users/paco -H "Content-Type: application/json" -d '{"email": "paco@foo.com"}'

Notice the result:

{
  "name": "paco",
  "email": "paco@foo.com",
  "admin": false,
  "profileUpdatable": true,
  "internalPasswordDisabled": false,
  "lastLoggedInMillis": 0,
  "offlineMode": false
}

The user is no longer an administrator. To avoid this, it is possible to perform a GET, then a POST update with all the content, but this is also problematic, as some of those properties may have changed in between the calls.
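
A check for the behaviour reported above, as an added example that is not part of the original report and not Artifactory code: it compares a user record fetched before and after an update and lists the fields that changed without appearing in the request body. The function names are hypothetical, and the sample records are the two JSON documents and the request body from the report.

```python
# Added example: detect fields that an update changed without being asked to.
# Function names are hypothetical; records are the JSON from the report.

BEFORE = {
    "name": "paco",
    "email": "paco@paco.com",
    "admin": True,
    "profileUpdatable": True,
    "internalPasswordDisabled": False,
    "lastLoggedInMillis": 0,
    "offlineMode": False,
}
REQUEST = {"email": "paco@foo.com"}  # body sent in the report
AFTER = dict(BEFORE, email="paco@foo.com", admin=False)  # result in the report

_MISSING = object()  # marks a field absent from one of the two records


def unrequested_changes(before, request, after):
    """Fields whose value differs between before and after but that the
    request body never mentioned. Returns {field: (old, new)}."""
    drift = {}
    for field in sorted(set(before) | set(after)):
        if field in request:
            continue  # the caller asked for this field to change
        old = before.get(field, _MISSING)
        new = after.get(field, _MISSING)
        if old != new:
            drift[field] = (old, new)
    return drift


def full_update_body(current, request):
    """Body for the GET-then-POST workaround: the fetched record with the
    requested fields overlaid. Does not close the window between the calls."""
    return {**current, **request}


if __name__ == "__main__":
    for field, (old, new) in unrequested_changes(BEFORE, REQUEST, AFTER).items():
        print(f"unrequested change: {field}: {old!r} -> {new!r}")
```

Run against the report's data, the check flags only `admin`. A result equal to the `full_update_body` output produces no findings.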


Generated at Wed Feb 19 05:17:41 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.