Details
Description
When using the Crowd Rest API to update a user one can send an xml message like this to activate a user:
<user name=USERNAME> <active>true</active> </user>
This update will succeed leaving the user in an invalid state:
- The email address is empty
- The first name is empty
- The last name now contains the username
I suggest the following fixes:
- Make sure you can never leave a user in an invalid state. In this case I would expect another status_code
- Not providing a field should not result in emptying it when updating.