From f14f115606a3a2231edbabb801b7b7a7f716bf26 Mon Sep 17 00:00:00 2001
From: Muhammad Faraz Maqsood <faraz.maqsood@arbisoft.com>
Date: Wed, 17 Apr 2024 14:29:27 +0500
Subject: [PATCH] change update profile API to bypass updation using client id
 and secret key (#532)

Co-authored-by: Muhammad Faraz  Maqsood <faraz.maqsood@A006-01130.local>
---
 openedx/core/djangoapps/user_api/accounts/api.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/openedx/core/djangoapps/user_api/accounts/api.py b/openedx/core/djangoapps/user_api/accounts/api.py
index 4e1c6b426dbc..ade41cbce405 100644
--- a/openedx/core/djangoapps/user_api/accounts/api.py
+++ b/openedx/core/djangoapps/user_api/accounts/api.py
@@ -136,8 +136,9 @@ def update_account_settings(requesting_user, update, username=None):
     # Get user
     if username is None:
         username = requesting_user.username
-    if requesting_user.username != username:
-        raise errors.UserNotAuthorized()
+    # For SDAIA, for the time being until SAML functionality is not implemented.
+    # if requesting_user.username != username:
+    #     raise errors.UserNotAuthorized()
     user, user_profile = _get_user_and_profile(username)
 
     # Validate fields to update