Force user password change for users created by admin

Dmitriy Zaporozhets 2013-06-13 21:06:27 +03:00
parent 00882b3c33
commit 6838304a85
9 changed files with 118 additions and 76 deletions


@ -55,8 +55,14 @@ class Admin::UsersController < Admin::ApplicationController
def create def create
admin = params[:user].delete("admin") admin = params[:user].delete("admin")
@admin_user = User.new(params[:user], as: :admin) opts = {
force_random_password: true,
password_expires_at: Time.now
}
@admin_user = User.new(params[:user].merge(opts), as: :admin)
@admin_user.admin = (admin && admin.to_i > 0) @admin_user.admin = (admin && admin.to_i > 0)
@admin_user.created_by_id = current_user.id
respond_to do |format| respond_to do |format|
if @admin_user.save if @admin_user.save
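Review bot: The forced password change depends on `force_random_password` and `password_expires_at` surviving mass assignment under `as: :admin`, and the whitelist for that role is not visible in this hunk. If `password_expires_at` is not accessible there, the expiry may be dropped without an error and the account keeps its mailed password indefinitely. Assigning the flags directly, the way `created_by_id` is assigned two lines later, removes that dependency: `@admin_user.password_expires_at = Time.now`. Any `password` / `password_confirmation` still present in `params[:user]` is also passed through unchanged, and whether the random password overrides it is decided in the model, outside this diff. The body of `create` continues past the end of the hunk.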


@ -367,4 +367,8 @@ class User < ActiveRecord::Base
def accessible_deploy_keys def accessible_deploy_keys
DeployKey.in_projects(self.master_projects).uniq DeployKey.in_projects(self.master_projects).uniq
end end
def created_by
User.find_by_id(created_by_id) if created_by_id
end
end end
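Review bot: `created_by` runs a fresh `User.find_by_id` on every call, and the admin show view in this commit calls it three times per render. Declaring `belongs_to :created_by, class_name: "User"` would cache the record and read the same way at the call sites. Separately, `created_by_id` now decides whether the welcome mail contains the password and what the admin page shows as "Created by", so it should stay out of `attr_accessible` for the default role. That list is outside this hunk and cannot be confirmed from here.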


@ -24,19 +24,25 @@
= f.text_field :email, required: true, autocomplete: "off" = f.text_field :email, required: true, autocomplete: "off"
%span.help-inline * required %span.help-inline * required
%fieldset - if @admin_user.new_record?
%legend Password %fieldset
.clearfix %legend Password
= f.label :password
.input= f.password_field :password, disabled: f.object.force_random_password
.clearfix
= f.label :password_confirmation
.input= f.password_field :password_confirmation, disabled: f.object.force_random_password
-if f.object.new_record?
.clearfix .clearfix
= f.label :force_random_password do = f.label :password
%span Generate random password .input
.input= f.check_box :force_random_password, {}, true, nil %strong
A temporary password will be generated and sent to user.
%br
User will be forced to change it after first sign in
- else
%fieldset
%legend Password
.clearfix
= f.label :password
.input= f.password_field :password, disabled: f.object.force_random_password
.clearfix
= f.label :password_confirmation
.input= f.password_field :password_confirmation, disabled: f.object.force_random_password
%fieldset %fieldset
%legend Access %legend Access


@ -1,32 +1,65 @@
%h3.page_title
User:
= @admin_user.name
- if @admin_user.blocked?
%span.cred (Blocked)
- if @admin_user.admin
%span.cred (Admin)
.pull-right
= link_to edit_admin_user_path(@admin_user), class: "btn grouped btn-small" do
%i.icon-edit
Edit
- unless @admin_user == current_user
- if @admin_user.blocked?
= link_to 'Unblock', unblock_admin_user_path(@admin_user), method: :put, class: "btn grouped btn-small success"
- else
= link_to 'Block', block_admin_user_path(@admin_user), confirm: 'USER WILL BE BLOCKED! Are you sure?', method: :put, class: "btn grouped btn-small btn-remove"
= link_to 'Destroy', [:admin, @admin_user], confirm: "USER #{@admin_user.name} WILL BE REMOVED! Are you sure?", method: :delete, class: "btn grouped btn-small btn-remove"
%hr
.row .row
.span6 .span6
%h3.page_title .ui-box
= image_tag gravatar_icon(@admin_user.email, 90), class: "avatar s90" %h5.title
= @admin_user.name Account:
- if @admin_user.blocked? .pull-right
%span.cred (Blocked) = image_tag gravatar_icon(@admin_user.email, 32), class: "avatar s32"
- if @admin_user.admin %ul.well-list
%span.cred (Admin) %li
.pull-right %span.light Name:
= link_to edit_admin_user_path(@admin_user), class: "btn pull-right" do %strong= @admin_user.name
%i.icon-edit %li
Edit %span.light Username:
%br %strong
%small @#{@admin_user.username} = @admin_user.username
%br %li
%small member since #{@admin_user.created_at.stamp("Nov 12, 2031")} %span.light Email:
.clearfix %strong
%hr = mail_to @admin_user.email
%p
%span.btn.btn-small %li
%i.icon-envelope %span.light Member since:
= mail_to @admin_user.email %strong
- unless @admin_user == current_user = @admin_user.created_at.stamp("Nov 12, 2031")
- if @admin_user.blocked?
= link_to 'Unblock', unblock_admin_user_path(@admin_user), method: :put, class: "btn btn-small success" %li
- else %span.light Last sign-in at:
= link_to 'Block', block_admin_user_path(@admin_user), confirm: 'USER WILL BE BLOCKED! Are you sure?', method: :put, class: "btn btn-small btn-remove" %strong
= link_to 'Destroy', [:admin, @admin_user], confirm: "USER #{@admin_user.name} WILL BE REMOVED! Are you sure?", method: :delete, class: "btn btn-small btn-remove" = @admin_user.last_sign_in_at.stamp("Nov 12, 2031")
- if @admin_user.ldap_user?
%li
%span.light LDAP uid:
%strong
= @admin_user.extern_uid
- if @admin_user.created_by
%li
%span.light Created by:
%strong
= link_to @admin_user.created_by.name, [:admin, @admin_user.created_by]
%hr %hr
%h5 %h5
Add User to Projects Add User to Projects
@ -67,11 +100,11 @@
.span6 .span6
= render 'users/profile', user: @admin_user
.ui-box .ui-box
%h5.title Projects (#{@projects.count}) %h5.title Projects (#{@projects.count})
%ul.well-list %ul.well-list
- @projects.sort_by(&:name_with_namespace).each do |project| - @projects.sort_by(&:name_with_namespace).each do |project|
- tm = project.team.get_tm(@admin_user.id)
%li %li
= link_to admin_project_path(project), class: dom_class(project) do = link_to admin_project_path(project), class: dom_class(project) do
- if project.namespace - if project.namespace
@ -79,16 +112,17 @@
\/ \/
%strong.well-title %strong.well-title
= truncate(project.name, length: 45) = truncate(project.name, length: 45)
%span.pull-right.light
- if project.owner == @admin_user - if project.owner == @admin_user
%i.icon-wrench %span.label.label-info owner
- tm = project.team.get_tm(@admin_user.id)
- if tm - if tm
= tm.project_access_human .pull-right
= link_to edit_admin_project_member_path(project, tm.user), class: "btn btn-small" do = link_to edit_admin_project_member_path(project, tm.user), class: "btn grouped btn-small" do
%i.icon-edit %i.icon-edit
= link_to admin_project_member_path(project, tm.user), confirm: remove_from_project_team_message(project, @admin_user), method: :delete, class: "btn btn-small btn-remove" do = link_to admin_project_member_path(project, tm.user), confirm: remove_from_project_team_message(project, @admin_user), method: :delete, class: "btn grouped btn-small btn-remove" do
%i.icon-remove %i.icon-remove
%p.light
%i.icon-wrench .pull-right.light
&ndash; user is a project owner = tm.project_access_human
&nbsp;
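Review bot: The new "Last sign-in at" item calls `@admin_user.last_sign_in_at.stamp("Nov 12, 2031")` unconditionally, which raises `NoMethodError` if `last_sign_in_at` is nil. That is likely for exactly the accounts this commit targets: users an admin has just created who have not signed in yet. Wrapping the item in `- if @admin_user.last_sign_in_at`, or rendering a "never" placeholder otherwise, keeps the page usable for them. The "Created by" item further down already guards its value in this way.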


@ -8,13 +8,14 @@
%p %p
login.......................................... login..........................................
%code= @user['email'] %code= @user['email']
%p
- unless Gitlab.config.gitlab.signup_enabled - if @user.created_by_id
%p
password.................................. password..................................
%code= @password %code= @password
%p %p
Please change your password immediately after login. You will be forced to change this password immediately after login.
%p %p
= link_to "Click here to login", root_url = link_to "Click here to login", root_url
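Review bot: The generated password is still mailed in clear text (`%code= @password`), and with the new `- if @user.created_by_id` condition it goes out for every admin-created account regardless of the signup setting. The forced change only applies at first sign-in, so the mailed value stays usable for as long as the account is never logged into; nothing in this diff bounds that window. The plain-text template in the next section has the same issue. A single-use, time-limited set-password link in place of the credential would avoid leaving a working password in the mailbox. `@password` is set outside this diff, so it is also worth confirming it is never blank when `created_by_id` is present.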


@ -3,10 +3,11 @@ Hi <%= @user.name %>!
The Administrator created an account for you. Now you are a member of company GitLab application. The Administrator created an account for you. Now you are a member of company GitLab application.
login.................. <%= @user.email %> login.................. <%= @user.email %>
<% unless Gitlab.config.gitlab.signup_enabled %> <% if @user.created_by_id %>
password............... <%= @password %> password............... <%= @password %>
You will be forced to change this password immediately after login.
<% end %> <% end %>
Please change your password immediately after login.
Click here to login: <%= url_for(root_url) %> Click here to login: <%= url_for(root_url) %>


@ -0,0 +1,5 @@
class AddCreatedByIdToUser < ActiveRecord::Migration
def change
add_column :users, :created_by_id, :integer
end
end


@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20130613165816) do ActiveRecord::Schema.define(:version => 20130613173246) do
create_table "deploy_keys_projects", :force => true do |t| create_table "deploy_keys_projects", :force => true do |t|
t.integer "deploy_key_id", :null => false t.integer "deploy_key_id", :null => false
@ -293,6 +293,7 @@ ActiveRecord::Schema.define(:version => 20130613165816) do
t.integer "color_scheme_id", :default => 1, :null => false t.integer "color_scheme_id", :default => 1, :null => false
t.integer "notification_level", :default => 1, :null => false t.integer "notification_level", :default => 1, :null => false
t.datetime "password_expires_at" t.datetime "password_expires_at"
t.integer "created_by_id"
end end
add_index "users", ["admin"], :name => "index_users_on_admin" add_index "users", ["admin"], :name => "index_users_on_admin"


@ -20,13 +20,10 @@ describe "Admin::Users" do
describe "GET /admin/users/new" do describe "GET /admin/users/new" do
before do before do
@password = "123ABC"
visit new_admin_user_path visit new_admin_user_path
fill_in "user_name", with: "Big Bang" fill_in "user_name", with: "Big Bang"
fill_in "user_username", with: "bang" fill_in "user_username", with: "bang"
fill_in "user_email", with: "bigbang@mail.com" fill_in "user_email", with: "bigbang@mail.com"
fill_in "user_password", with: @password
fill_in "user_password_confirmation", with: @password
end end
it "should create new user" do it "should create new user" do
@ -57,26 +54,13 @@ describe "Admin::Users" do
end end
it "should send valid email to user with email & password" do it "should send valid email to user with email & password" do
Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)
User.observers.enable :user_observer do User.observers.enable :user_observer do
click_button "Create user" click_button "Create user"
user = User.last user = User.last
email = ActionMailer::Base.deliveries.last email = ActionMailer::Base.deliveries.last
email.subject.should have_content("Account was created") email.subject.should have_content("Account was created")
email.text_part.body.should have_content(user.email) email.text_part.body.should have_content(user.email)
email.text_part.body.should have_content(@password) email.text_part.body.should have_content('password')
end
end
it "should send valid email to user with email without password when signup is enabled" do
Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)
User.observers.enable :user_observer do
click_button "Create user"
user = User.last
email = ActionMailer::Base.deliveries.last
email.subject.should have_content("Account was created")
email.text_part.body.should have_content(user.email)
email.text_part.body.should_not have_content(@password)
end end
end end
end end
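Review bot: The rewritten mail example asserts only `have_content('password')`, which matches the literal label "password..............." in the template and would still pass if the generated password were blank or missing. Nothing in the spec checks the behaviour the commit is named for either. Adding assertions such as `user.password_expires_at.should_not be_nil` and `user.created_by_id.should_not be_nil` after `user = User.last` would pin both the forced change and the attribution. The enclosing `describe` blocks start outside the hunks shown.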