Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/LizandroCanul/back_sdo/llms.txt

Use this file to discover all available pages before exploring further.

Permission Required - Only admins or the account owner can update user details.

Overview

Update user account information. Users can update their own profile, and admins can update any user. When the password is changed, it’s automatically re-encrypted and mustChangePassword is set to false.

Authentication

Requires a valid JWT token. The authenticated user must be either:
  • An admin (can update any user)
  • The owner of the account (can only update their own profile)
Authorization: Bearer YOUR_JWT_TOKEN

Path Parameters

id
string (UUID)
required
The unique identifier of the user to update

Request Body

All fields are optional. Only include fields you want to update.
nombreCompleto
string
User’s full name. Minimum 3 characters if provided.
email
string
User’s email address. Must be valid email format and unique.
password
string
New password. Minimum 6 characters. Will be encrypted and sets mustChangePassword to false.
roles
string
User role. Must be either admin or user.
isActive
boolean
Whether the user account is active.
mustChangePassword
boolean
Flag to force password change on next login.

Response

Returns the updated user object (password field is excluded).
id
string (UUID)
User’s unique identifier
email
string
User’s email address
nombreCompleto
string
User’s full name
roles
string
User role: admin or user
isActive
boolean
Account active status
mustChangePassword
boolean
Password change requirement flag
createdAt
string (ISO 8601)
Timestamp when the user was created
updatedAt
string (ISO 8601)
Timestamp when the user was last updated

Example Requests

Update Profile
curl -X PATCH https://api.yucatan.gob.mx/users/550e8400-e29b-41d4-a716-446655440000 \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "nombreCompleto": "Juan Carlos Pérez"
  }'
Change Password
curl -X PATCH https://api.yucatan.gob.mx/users/550e8400-e29b-41d4-a716-446655440000 \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "NewSecurePass123"
  }'

Example Response

200 Success
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "juan@yucatan.gob.mx",
  "nombreCompleto": "Juan Carlos Pérez",
  "roles": "user",
  "isActive": true,
  "mustChangePassword": false,
  "createdAt": "2024-01-15T10:30:00.000Z",
  "updatedAt": "2024-03-03T16:45:00.000Z"
}
400 Bad Request
{
  "statusCode": 400,
  "message": "Validation failed (uuid is expected)",
  "error": "Bad Request"
}
403 Forbidden
{
  "statusCode": 403,
  "message": "No puedes modificar los datos de otro usuario."
}
404 Not Found
{
  "statusCode": 404,
  "message": "Usuario 550e8400-e29b-41d4-a716-446655440000 no encontrado"
}

Authorization Rules

The endpoint validates permissions as follows:
  1. Admin users: Can update any user’s information
  2. Regular users: Can only update their own profile (user.userId === id)
  3. Mismatch: If a regular user tries to update another user, returns 403 Forbidden
See implementation in /home/daytona/workspace/source/src/users/users.controller.ts:58

Special Behaviors

Password Update

When a password is provided:
  • It’s hashed using bcrypt with 10 salt rounds
  • mustChangePassword is automatically set to false
  • The password field is never returned in the response

Email Uniqueness

If you try to update to an email that already exists, you’ll receive a 400 error: 
{
  "statusCode": 400,
  "message": "El correo electrónico ya está registrado."
}