core: fix UserSelfSerializer's save() overwriting other user attributes
closes #2070 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
22d6621b02
commit
03503363e5
|
@ -156,6 +156,13 @@ class UserSelfSerializer(ModelSerializer):
|
|||
raise ValidationError("Not allowed to change username.")
|
||||
return username
|
||||
|
||||
def save(self, **kwargs):
|
||||
if self.instance:
|
||||
attributes: dict = self.instance.attributes
|
||||
attributes.update(self.validated_data.get("attributes", {}))
|
||||
self.validated_data["attributes"] = attributes
|
||||
return super().save(**kwargs)
|
||||
|
||||
class Meta:
|
||||
|
||||
model = User
|
||||
|
|
|
@ -24,11 +24,18 @@ class TestUsersAPI(APITestCase):
|
|||
|
||||
def test_update_self(self):
|
||||
"""Test update_self"""
|
||||
self.admin.attributes["foo"] = "bar"
|
||||
self.admin.save()
|
||||
self.admin.refresh_from_db()
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.put(
|
||||
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
|
||||
)
|
||||
self.admin.refresh_from_db()
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(self.admin.attributes["foo"], "bar")
|
||||
self.assertEqual(self.admin.username, "foo")
|
||||
self.assertEqual(self.admin.name, "foo")
|
||||
|
||||
def test_update_self_name_denied(self):
|
||||
"""Test update_self"""
|
||||
|
|
Reference in a new issue