From 31d35666263dd0cc3e5074a3ae2a3f4f5bcbaf88 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Wed, 19 May 2021 13:30:55 +0100 Subject: [PATCH] Allowing null for global user endpoint properties. --- packages/worker/src/api/controllers/admin/users.js | 3 +++ packages/worker/src/api/routes/admin/users.js | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/packages/worker/src/api/controllers/admin/users.js b/packages/worker/src/api/controllers/admin/users.js index 68198223a2..82ca0df515 100644 --- a/packages/worker/src/api/controllers/admin/users.js +++ b/packages/worker/src/api/controllers/admin/users.js @@ -102,6 +102,9 @@ exports.self = async ctx => { if (ctx.request.body.password) { ctx.request.body.password = await hash(ctx.request.body.password) } + // don't allow sending up an ID/Rev, always use the existing one + delete ctx.request.body._id + delete ctx.request.body._rev const response = await db.put({ ...user, ...ctx.request.body, diff --git a/packages/worker/src/api/routes/admin/users.js b/packages/worker/src/api/routes/admin/users.js index 1f6aebb191..b3581b7e19 100644 --- a/packages/worker/src/api/routes/admin/users.js +++ b/packages/worker/src/api/routes/admin/users.js @@ -7,10 +7,10 @@ const router = Router() function buildUserSaveValidation(isSelf = false) { let schema = { - email: Joi.string(), + email: Joi.string().allow(null, ""), password: Joi.string().allow(null, ""), - firstName: Joi.string(), - lastName: Joi.string(), + firstName: Joi.string().allow(null, ""), + lastName: Joi.string().allow(null, ""), builder: Joi.object({ global: Joi.boolean().optional(), apps: Joi.array().optional(),