From 6fab6d94cef853ed0d081dcea0fbfe390047b1c8 Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Fri, 3 Feb 2017 15:49:27 +0100
Subject: [PATCH] Optionally make users created via the API set their password
---
 .../1051-api-create-users-without-password.yml | 4 ++++
 doc/api/users.md | 5 +++--
 lib/api/users.rb | 16 ++++++++++++++--
 spec/requests/api/users_spec.rb | 12 ++++++++++++
 4 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/unreleased/1051-api-create-users-without-password.yml
diff --git a/changelogs/unreleased/1051-api-create-users-without-password.yml b/changelogs/unreleased/1051-api-create-users-without-password.yml
new file mode 100644
index 00000000000..24b5a73b45c
--- /dev/null
+++ b/changelogs/unreleased/1051-api-create-users-without-password.yml
@@ -0,0 +1,4 @@
+---
+title: Optionally make users created via the API set their password
+merge_request: 8957
+author: Joost Rijneveld
diff --git a/doc/api/users.md b/doc/api/users.md
index fea9bdf9639..ed3469521fc 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -216,7 +216,7 @@ Parameters:
 ## User creation
-Creates a new user. Note only administrators can create new users.
+Creates a new user. Note only administrators can create new users. Either `password` or `reset_password` should be specified (`reset_password` takes priority).
 ```
 POST /users
@@ -225,7 +225,8 @@ POST /users
 Parameters:
 - `email` (required) - Email
-- `password` (required) - Password
+- `password` (optional) - Password
+- `reset_password` (optional) - Send user password reset link - true or false(default)
 - `username` (required) - Username
 - `name` (required) - Name
 - `skype` (optional) - Skype ID
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 0ed468626b7..500697af633 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -82,7 +82,9 @@ module API
 end
 params do
 requires :email, type: String, desc: 'The email of the user'
- requires :password, type: String, desc: 'The password of the new user'
+ optional :password, type: String, desc: 'The password of the new user'
+ optional :reset_password, type: Boolean, desc: 'Flag indicating the user will be sent a password reset token'
+ at_least_one_of :password, :reset_password
 requires :name, type: String, desc: 'The name of the user'
 requires :username, type: String, desc: 'The username of the user'
 use :optional_attributes
@@ -94,8 +96,18 @@ module API
 user_params = declared_params(include_missing: false)
 identity_attrs = user_params.slice(:provider, :extern_uid)
 confirm = user_params.delete(:confirm)
+ user = User.new(user_params.except(:extern_uid, :provider, :reset_password))
+
+ if user_params.delete(:reset_password)
+ user.attributes = {
+ force_random_password: true,
+ password_expires_at: nil,
+ created_by_id: current_user.id
+ }
+ user.generate_password
+ user.generate_reset_token
+ end
+
- user = User.new(user_params.except(:extern_uid, :provider))
 user.skip_confirmation! unless confirm
 if identity_attrs.any?
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 8692f9da976..5958012672e 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -190,6 +190,18 @@ describe API::Users, api: true do
 expect(new_user.external).to be_truthy
 end
+ it "creates user with reset password" do
+ post api('/users', admin), attributes_for(:user, reset_password: true).except(:password)
+
+ expect(response).to have_http_status(201)
+
+ user_id = json_response['id']
+ new_user = User.find(user_id)
+
+ expect(new_user).not_to eq(nil)
+ expect(new_user.recently_sent_password_reset?).to eq(true)
+ end
+
 it "does not create user with invalid email" do
 post api('/users', admin),
 email: 'invalid email',
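Review bot: `at_least_one_of :password, :reset_password` constrains which keys are present rather than their values, so a request carrying `reset_password=false` and no `password` appears to pass parameter validation in this `params` block. Whether that request is then rejected depends on the model's password validation, which is not visible in the hunk. A request spec pinning the 400 response for that case would keep a later model change from producing an account with no usable credential, and the `:password` description could read `'The password of the new user (ignored when reset_password is true)'`. The `params do` block ends outside the hunk.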
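Review bot: In the `if user_params.delete(:reset_password)` branch the value returned by `user.generate_reset_token` is dropped and nothing visible here sends it, so delivery of the reset link presumably relies on a model callback or notification outside this hunk. A comment above the branch would make that dependency and the intent explicit, e.g. `# Discard any supplied password; the user sets one via the emailed reset link (mail is triggered by the User create hooks, confirm)`. If that delivery step were ever skipped, the account would be left with a random password nobody knows and no link, so the place where the mail is triggered deserves a pointer. The enclosing `post do` block starts and ends outside the hunk.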
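Review bot: The new example asserts only `recently_sent_password_reset?`, which presumably reflects a stored timestamp, so it would still pass if a caller-supplied password were kept instead of being replaced. A second example that posts both `password` and `reset_password: true` and then asserts `expect(new_user.valid_password?(supplied_password)).to eq(false)` would pin the documented rule that `reset_password` takes priority (`supplied_password` being the value sent in the request). `expect(new_user).not_to eq(nil)` adds nothing, since `User.find` raises when the record is missing.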