Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-2634

Updating a user using Crowd REST API can leave user in invalid state

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Gathering Interest (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: REST
    • Labels:
    • Environment:
      - Using the standalone version
      - CentOS 6.0 final
      - java version "1.6.0_14"
      Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
      Java HotSpot(TM) 64-Bit Server VM (build 14.0-b16, mixed mode)
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      When using the Crowd Rest API to update a user one can send an xml message like this to activate a user:

      <user name=USERNAME>
        <active>true</active>
      </user>
      

      This update will succeed leaving the user in an invalid state:

      • The email address is empty
      • The first name is empty
      • The last name now contains the username

      I suggest the following fixes:

      • Make sure you can never leave a user in an invalid state. In this case I would expect another status_code
      • Not providing a field should not result in emptying it when updating.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            larsvonk Lars Vonk
            Votes:
            1 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated: