fix: profile password patch method not allowed
@@ -70,6 +70,8 @@ class UserProfileApi(generics.RetrieveUpdateAPIView):
|
||||
class UserPasswordApi(generics.RetrieveUpdateAPIView):
|
||||
permission_classes = (IsAuthenticated,)
|
||||
serializer_class = serializers.UserUpdatePasswordSerializer
|
||||
# patch 方法不允许,否则 old_password 不传会导致用户直接修改密码成功,安全风险大
|
||||
http_method_names = ['put', 'head', 'options']
|
||||
|
||||
def get_object(self):
|
||||
return self.request.user
|
||||
|
||||
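Review bot: The old-password requirement on `UserPasswordApi` still appears to rest only on required-field validation, which DRF skips for partial updates, so the new `http_method_names` allow-list is the sole guard. `UserUpdatePasswordSerializer` is not visible in this hunk, so that is inferred from the added comment. If so, another view or a later change that passes `partial=True` to the serializer would reopen the bypass. It would be safer to also reject a missing value in the serializer's `validate()`, for example `if not attrs.get('old_password'): raise serializers.ValidationError(...)`. Since GET is dropped from the list as well, `generics.UpdateAPIView` would state the intent more directly than `RetrieveUpdateAPIView`, and a regression test asserting that PATCH returns 405 would stop the restriction from being removed unnoticed.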