Ivan Fioravanti - 130 - Mar 5, 2014

Probably a stupid question, but while reading RegisterService code i see: 

        ///     Logic to update UserAuth from Registration info, not enabled on OnPut because of security.
        public object UpdateUserAuth(Register request)

Why can’t I use PUT in order to update a user? To avoid security issues we’re planning to build a CustomRegisterService that has CurrentPassword as parameter. So we can use it together with username in order to check that user is valid.

Are we missing other security issues?

Moreover existing logic in RegisterService does not allow update of existing users because there is a validator blocking call if UserName already exists.


Ok I just enabled Register from PUT as well in this commit: