check if the field the user wants to change is indeed in the FIELD_VA…

…LIDATORS ( aka in the field the user is authorized to change)
tdameros · Mar 12, 2024 · 0c6f814 · 0c6f814
1 parent 55c40cc
commit 0c6f814
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/user_management/src/user/views/update_infos.py b/user_management/src/user/views/update_infos.py
@@ -33,6 +33,9 @@ def update_infos(user_id, json_request):
             return False, errors
 
         for field in change_list:
+            if field not in UserUpdateInfosManager.FIELD_VALIDATORS.keys():
+                errors.append(f'Field {field} is not valid')
+                return False, errors
             value = json_request.get(field)
             success, update_errors = UserUpdateInfosManager.update_user_field(user_id, field, value)
             if not success: