[PR #23487] [CLOSED] fix: make UserUpdateForm fields optional to allow partial user updates #66074

New Issue

GiteaMirror · 2026-05-06T12:11:28-05:00

GiteaMirror commented

2026-05-06 12:11:28 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23487
Author: @theshivam7
Created: 4/7/2026
Status: ❌ Closed

Base: dev ← Head: fix/user-update-optional-fields

📝 Commits (2)

8462426 fix: make UserUpdateForm fields optional to allow partial user updates
0758d63 fix: reject empty update payload with 400

📊 Changes

2 files changed (+29 additions, -13 deletions)

View changed files

📝 backend/open_webui/models/users.py (+7 -5)
📝 backend/open_webui/routers/users.py (+22 -8)

📄 Description

Pull Request Checklist

Target branch: dev
Description: Provided below
Testing: Verified by code inspection and logic review
Code review: Self-reviewed
Git Hygiene: Single atomic change, rebased on dev

Changelog Entry

Description

Fixes #23424

The POST /{user_id}/update endpoint required all fields (role, name, email, profile_image_url) in the request body, even when the caller only wanted to update a single field like role. Sending only {"role": "user"} resulted in a validation error listing all other fields as required.

Fixed

Made role, name, email, and profile_image_url optional (None by default) in UserUpdateForm
Router now only updates fields that are explicitly provided — unset fields retain their existing values
Email uniqueness check and Auths.update_email_by_id are skipped when email is not provided
Primary admin role guard now only triggers when role is explicitly set (not None)
profile_image_url validator skips None values correctly

Before:

// PATCH /api/v1/users/{id}/update
{"role": "user"}
// → 422 Unprocessable Entity: name, email, profile_image_url are required

After:

{"role": "user"}
// → 200 OK — only role is updated, other fields unchanged

Additional Information

Changes: backend/open_webui/models/users.py, backend/open_webui/routers/users.py
No new imports or dependencies
password was already Optional — this PR makes the remaining fields consistent

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23487 **Author:** [@theshivam7](https://github.com/theshivam7) **Created:** 4/7/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix/user-update-optional-fields` --- ### 📝 Commits (2) - [`8462426`](https://github.com/open-webui/open-webui/commit/8462426be09f4de9d81ad8ec394ccf239b65c8ed) fix: make UserUpdateForm fields optional to allow partial user updates - [`0758d63`](https://github.com/open-webui/open-webui/commit/0758d63d73d23483a8ad65374b8b26c6ad7b5f8d) fix: reject empty update payload with 400 ### 📊 Changes **2 files changed** (+29 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/models/users.py` (+7 -5) 📝 `backend/open_webui/routers/users.py` (+22 -8) </details> ### 📄 Description # Pull Request Checklist - [x] **Target branch:** `dev` - [x] **Description:** Provided below - [x] **Testing:** Verified by code inspection and logic review - [x] **Code review:** Self-reviewed - [x] **Git Hygiene:** Single atomic change, rebased on `dev` --- # Changelog Entry ### Description Fixes #23424 The `POST /{user_id}/update` endpoint required all fields (`role`, `name`, `email`, `profile_image_url`) in the request body, even when the caller only wanted to update a single field like `role`. Sending only `{"role": "user"}` resulted in a validation error listing all other fields as required. ### Fixed - Made `role`, `name`, `email`, and `profile_image_url` optional (`None` by default) in `UserUpdateForm` - Router now only updates fields that are explicitly provided — unset fields retain their existing values - Email uniqueness check and `Auths.update_email_by_id` are skipped when `email` is not provided - Primary admin role guard now only triggers when `role` is explicitly set (not `None`) - `profile_image_url` validator skips `None` values correctly **Before:** ```json // PATCH /api/v1/users/{id}/update {"role": "user"} // → 422 Unprocessable Entity: name, email, profile_image_url are required ``` **After:** ```json {"role": "user"} // → 200 OK — only role is updated, other fields unchanged ``` --- ### Additional Information - Changes: `backend/open_webui/models/users.py`, `backend/open_webui/routers/users.py` - No new imports or dependencies - `password` was already `Optional` — this PR makes the remaining fields consistent ### Contributor License Agreement - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-05-06 12:11:28 -05:00

GiteaMirror closed this issue

2026-05-06 12:11:32 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#66074