Currently PUT /user API requests require a non-null password and will update the users password to be the new provided values.
While the clients should have this information readily available for the logged-in user, admins editing the user's other details etc won't have this.
The API should be able to accept NULL in these requests, and when NULL is received, the DB should interpret this as meaning "don't change the current password".
This requires a new plpgsql trigger on UPDATE operations to the users table.
Currently
PUT /user
API requests require a non-null password and will update the users password to be the new provided values.While the clients should have this information readily available for the logged-in user, admins editing the user's other details etc won't have this.
The API should be able to accept NULL in these requests, and when NULL is received, the DB should interpret this as meaning "don't change the current password".
This requires a new plpgsql trigger on UPDATE operations to the users table.