UID can be changed from the API
Description
A user's UID can be changed via the API. This is not allowed in the GUI, and the API should reflect it.
Distribution Name and Version
Whatever is on demo.fusiondirectory.org
FusionDirectory Version
1.2
PHP version used
Whatever is on demo.fusiondirectory.org
Origin of php packages
Whatever is on demo.fusiondirectory.org
Steps to Reproduce
- use setfields() method in the API to set field 'uid'
- Observe user now has a new UID.
Expected behavior:
UID should not be changed, and FD should warn the user that changing the field is not allowed.
Actual behavior:
The UID of a user can be changed without warning (or error).
Reproduces how often:
100%
Additional Information
Example of JSON changing the uid of user uid=newuid,ou=people,dc=fusiondirectory,dc=org from 'newuid' (back) to 'user':
DEBUG:root:Posting this JSON:
{'params': ['aucqmpj43inps9e7e8elljc6r0', 'USER', 'uid=newuid,ou=people,dc=fusiondirectory,dc=org',
{'reference':
{'refs': None},
'userRoles': {'groupsMembership': ['cn=ogroup-test,ou=groups,dc=fusiondirectory,dc=org']},
'user': {'uid': 'user', 'base': 'dc=fusiondirectory,dc=org', 'givenName': 'antoine', 'description': 'Some description', 'cn': 'antoine foobar', 'sn': 'foobar', 'userPassword': '{SSHA}+fxT2utzO5JGkfgeHxIxdqQE3hTsUjtN'},
'ldapDump':
{'dump': None},
'personalInfo':
{'fdPhotoVisible': True, 'fdPrivateMail': ['private1@se.se', 'private2@se.se', 'private3@se.se', 'private4@se.se']},
'posixAccount': {'gecos': 'antoine foobar', 'groupMembership': ['cn=posixgroup-test,ou=groups,dc=fusiondirectory,dc=org'], 'force_ids': False, 'gidNumber': 1103, 'homeDirectory': '/hjhj', 'loginShell': '/bin/ash', 'posixStatus': 'active', 'mustchangepassword': False, 'shadowLastChange': 17625, 'uidNumber': 1102, 'primaryGroup': 1103}
}], 'id': '123', 'method': 'setfields'
}