https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292019-05-20T04:35:50ZRedmineRedmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=918772019-05-20T04:35:50ZGo MAEDA
<ul><li><strong>Target version</strong> set to <i>Candidate for next major release</i></li></ul> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=920382019-05-26T07:20:48ZGo MAEDA
<ul><li><strong>Target version</strong> changed from <i>Candidate for next major release</i> to <i>4.1.0</i></li></ul><p>Setting the target version to 4.1.0.</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=920512019-05-27T02:15:37ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Needs feedback</i></li><li><strong>Assignee</strong> set to <i>Jens Krämer</i></li></ul><p>I have tested the patch and found that the endpoint behaves the same for both POST and PUT requests. In other words, POST updates the account instead of creating an account.</p>
<p>IMHO, Redmine should not respond to POST API requests. Since users think that POST requests are used to create an object, admin may accidentally update their own account when trying to create a new account (of course, they should be more carefully).</p>
<p>What are your thoughts on that?</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=920592019-05-27T06:19:56ZJens Krämerjk@jkraemer.net
<ul></ul><p>Yes, the thought that POST is not really nice there crossed my mind, but in order to keep the patch as small as possible I sticked to it since that is what the web form uses as well. If we change the API method to PUT, I would vote for changing the method used by the /my/account form to PUT, as well. What do you think?</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=920602019-05-27T06:42:07ZGo MAEDA
<ul></ul><p>Jens Krämer wrote:</p>
<blockquote>
<p>If we change the API method to PUT, I would vote for changing the method used by the /my/account form to PUT, as well. What do you think?</p>
</blockquote>
<p>Sounds nice, it makes things consistent. I am in favor of it.</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=920632019-05-27T08:01:43ZJens Krämerjk@jkraemer.net
<ul></ul><p>OK, then I will come up with a patch for that :)</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=923142019-06-11T06:57:00ZJens Krämerjk@jkraemer.net
<ul><li><strong>File</strong> <a href="/attachments/23276">0002-changes-my-account-html-form-to-put.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/23276/0002-changes-my-account-html-form-to-put.patch">0002-changes-my-account-html-form-to-put.patch</a> added</li></ul><p>here's a second patch which changes the HTML form method to <code>PUT</code> and removes support for <code>POST</code> on that endpoint.</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=923472019-06-13T08:16:45ZGo MAEDA
<ul></ul><p>Thank you for updating the patch but some tests fail after applying the second patch. Could you look into these errors?</p>
<pre>
Failure:
SudoModeTest#test_update_email_address [/Users/maeda/redmines/trunk/test/integration/sudo_mode_test.rb:153]:
Expected response to be a <2XX: success>, but was a <404: Not Found>
bin/rails test test/integration/sudo_mode_test.rb:147
</pre>
<pre>
Failure:
RoutingMyTest#test_my [/Users/maeda/redmines/trunk/test/test_helper.rb:296]:
No route matches "/my/account"
bin/rails test test/integration/routing/my_test.rb:23
</pre> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=923562019-06-14T07:45:10ZJens Krämerjk@jkraemer.net
<ul><li><strong>File</strong> <a href="/attachments/23309">0003-lets-sudo-mode-handle-PUT-on-my-account-makes-tests-.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/23309/0003-lets-sudo-mode-handle-PUT-on-my-account-makes-tests-.patch">0003-lets-sudo-mode-handle-PUT-on-my-account-makes-tests-.patch</a> added</li></ul><p>Indeed there was a bug - I forgot to change the sudo mode requirement in the controller to <code>PUT</code>. I also changed the tests to do PUT requests now / expect PUT to be routed instead of POST.</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=923622019-06-16T09:35:17ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>Needs feedback</i> to <i>Resolved</i></li><li><strong>Assignee</strong> changed from <i>Jens Krämer</i> to <i>Go MAEDA</i></li></ul><p>Committed the patch. Thank you for your contribution.</p>
<p>The API document should be updated later.</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=924972019-06-20T14:10:34ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul><p>Documentation to be added here <a class="wiki-page" href="https://www.redmine.org/projects/redmine/wiki/Rest_MyAccount">Rest_MyAccount</a>.</p> Redmine - Patch #31399: make /my/account endpoint accessible through APIhttps://www.redmine.org/issues/31399?journal_id=981962020-06-14T12:49:42ZGo MAEDA
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/19301">Feature #19301</a>: Let non admin users update their account via the REST API</i> added</li></ul>