core: fix UserSelfSerializer's save() overwriting other user attributes
closes #2070 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
22d6621b02
commit
03503363e5
|
@ -156,6 +156,13 @@ class UserSelfSerializer(ModelSerializer):
|
||||||
raise ValidationError("Not allowed to change username.")
|
raise ValidationError("Not allowed to change username.")
|
||||||
return username
|
return username
|
||||||
|
|
||||||
|
def save(self, **kwargs):
|
||||||
|
if self.instance:
|
||||||
|
attributes: dict = self.instance.attributes
|
||||||
|
attributes.update(self.validated_data.get("attributes", {}))
|
||||||
|
self.validated_data["attributes"] = attributes
|
||||||
|
return super().save(**kwargs)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = User
|
model = User
|
||||||
|
|
|
@ -24,11 +24,18 @@ class TestUsersAPI(APITestCase):
|
||||||
|
|
||||||
def test_update_self(self):
|
def test_update_self(self):
|
||||||
"""Test update_self"""
|
"""Test update_self"""
|
||||||
|
self.admin.attributes["foo"] = "bar"
|
||||||
|
self.admin.save()
|
||||||
|
self.admin.refresh_from_db()
|
||||||
self.client.force_login(self.admin)
|
self.client.force_login(self.admin)
|
||||||
response = self.client.put(
|
response = self.client.put(
|
||||||
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
|
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
|
||||||
)
|
)
|
||||||
|
self.admin.refresh_from_db()
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
self.assertEqual(self.admin.attributes["foo"], "bar")
|
||||||
|
self.assertEqual(self.admin.username, "foo")
|
||||||
|
self.assertEqual(self.admin.name, "foo")
|
||||||
|
|
||||||
def test_update_self_name_denied(self):
|
def test_update_self_name_denied(self):
|
||||||
"""Test update_self"""
|
"""Test update_self"""
|
||||||
|
|
Reference in a new issue