core: fix UserSelfSerializer's save() overwriting other user attributes

closes #2070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-06 18:23:06 +01:00
parent 22d6621b02
commit 03503363e5
2 changed files with 14 additions and 0 deletions

View file

@ -156,6 +156,13 @@ class UserSelfSerializer(ModelSerializer):
raise ValidationError("Not allowed to change username.") raise ValidationError("Not allowed to change username.")
return username return username
def save(self, **kwargs):
if self.instance:
attributes: dict = self.instance.attributes
attributes.update(self.validated_data.get("attributes", {}))
self.validated_data["attributes"] = attributes
return super().save(**kwargs)
class Meta: class Meta:
model = User model = User

View file

@ -24,11 +24,18 @@ class TestUsersAPI(APITestCase):
def test_update_self(self): def test_update_self(self):
"""Test update_self""" """Test update_self"""
self.admin.attributes["foo"] = "bar"
self.admin.save()
self.admin.refresh_from_db()
self.client.force_login(self.admin) self.client.force_login(self.admin)
response = self.client.put( response = self.client.put(
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"} reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
) )
self.admin.refresh_from_db()
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(self.admin.attributes["foo"], "bar")
self.assertEqual(self.admin.username, "foo")
self.assertEqual(self.admin.name, "foo")
def test_update_self_name_denied(self): def test_update_self_name_denied(self):
"""Test update_self""" """Test update_self"""