diff --git a/CHANGELOG b/CHANGELOG
index 01ae3562dedcc7b7bb7ac2c0b0d430e40628823e..6f2fd6cf9df9aca44fe4a1f02a3a2bacfc916d63 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 v 7.5.0
 - API: Add support for Hipchat (Kevin Houdebert)
 - Add time zone configuration on gitlab.yml (Sullivan Senechal)
+ - Add force_random_password option to user POST api
 - Fix LDAP authentication for Git HTTP access
 - Fix LDAP config lookup for provider 'ldap'
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index baad9095b70832695c6e2fce8e01ff6727032e77..3ac59262241fda9995e6381c0c3256fc7b818ffb 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -45,7 +45,6 @@ class Admin::UsersController < Admin::ApplicationController
 @user = User.new(user_params.merge(opts))
 @user.created_by_id = current_user.id
- @user.generate_password
 @user.generate_reset_token
 @user.skip_confirmation!
diff --git a/doc/api/users.md b/doc/api/users.md
index 3fdd3a75e888d99e9f02cc085332b469795953c9..6c4c142d4e89c94df30ba686c44782dcfeee8bcb 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -146,7 +146,7 @@ Parameters:
 ## User creation
-Creates a new user. Note only administrators can create new users.
+Creates a new user. Note only administrators can create new users. If `force_random_password` is set, user is created as if done from the admin control panel.
 ```
 POST /users
@@ -154,20 +154,21 @@ POST /users
 Parameters:
-- `email` (required) - Email
-- `password` (required) - Password
-- `username` (required) - Username
-- `name` (required) - Name
-- `skype` (optional) - Skype ID
-- `linkedin` (optional) - LinkedIn
-- `twitter` (optional) - Twitter account
-- `website_url` (optional) - Website URL
-- `projects_limit` (optional) - Number of projects user can create
-- `extern_uid` (optional) - External UID
-- `provider` (optional) - External provider name
-- `bio` (optional) - User's biography
-- `admin` (optional) - User is admin - true or false (default)
-- `can_create_group` (optional) - User can create groups - true or false
+- `email` (required) - Email
+- `password` (required unless force_random_password is set) - Password
+- `force_random_password` (true/false; required unless password is set) - generate random password for user
+- `username` (required) - Username
+- `name` (required) - Name
+- `skype` (optional) - Skype ID
+- `linkedin` (optional) - LinkedIn
+- `twitter` (optional) - Twitter account
+- `website_url` (optional) - Website URL
+- `projects_limit` (optional) - Number of projects user can create
+- `extern_uid` (optional) - External UID
+- `provider` (optional) - External provider name
+- `bio` (optional) - User's biography
+- `admin` (optional) - User is admin - true or false (default)
+- `can_create_group` (optional) - User can create groups - true or false
 ## User modification
diff --git a/lib/api/users.rb b/lib/api/users.rb
index d07815a8a9774577d4abe5d9af78666d887dc334..3000fa51b364e39d133bc256d2fb80d5904a5418 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -40,29 +40,55 @@ module API # Create user. Available only for admin # # Parameters: - # email (required) - Email - # password (required) - Password - # name (required) - Name - # username (required) - Name - # skype - Skype ID - # linkedin - Linkedin - # twitter - Twitter account - # website_url - Website url - # projects_limit - Number of projects user can create - # extern_uid - External authentication provider UID - # provider - External provider - # bio - Bio - # admin - User is admin - true or false (default) - # can_create_group - User can create groups - true or false + # email (required) - Email + # password (required unless force_random_password set) - Password + # force_random_password (required unless password set) - generate random password for user - true or false + # name (required) - Name + # username (required) - Name + # skype - Skype ID + # linkedin - Linkedin + # twitter - Twitter account + # website_url - Website url + # projects_limit - Number of projects user can create + # extern_uid - External authentication provider UID + # provider - External provider + # bio - Bio + # admin - User is admin - true or false (default) + # can_create_group - User can create groups - true or false # Example Request: # POST /users post do authenticated_as_admin! - required_attributes! [:email, :password, :name, :username] - attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin] - user = User.build_user(attrs) + + required_attributes! 
[:email, :name, :username] + attrs = attributes_for_keys [:email, :name, :skype, :linkedin, + :twitter, :projects_limit, :username, + :extern_uid, :provider, :bio, + :can_create_group, :admin] + + force_random = params[:force_random_password] && + (params[:force_random_password].to_i > 0) + + if params[:password] && !force_random + attrs[:password] = params[:password] + elsif force_random && !params[:password] + attrs[:force_random_password] = true + else + render_api_error!('Either password or force_random_password'\ + ' must be set', 400) + end + admin = attrs.delete(:admin) + user = User.new(attrs) + user.admin = admin unless admin.nil? + if force_random + user.created_by_id = current_user.id + user.password_expires_at = nil + user.generate_reset_token + user.skip_confirmation! + end + if user.save present user, with: Entities::UserFull else diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index bc1598273bed59f0c19524fe114eed73cf02daf8..20c91897dc9ddfe6b859d8cf7f2d2b5c411f436a 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -145,8 +145,8 @@ describe API::API, api: true do '\'_\', optionally preceeded by \'.\'. It must not end in \'.git\'.'] end - it "shouldn't available for non admin users" do - post api("/users", user), attributes_for(:user) + it "shouldn't be available for non admin users" do + post api('/users', user), attributes_for(:user) response.status.should == 403 end
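Review bot: The parameter comment added in this hunk documents `force_random_password` as `true or false`, but `force_random` is derived with `params[:force_random_password].to_i > 0`, and `"true".to_i` is `0` in Ruby, so a client that follows the docs and sends `force_random_password=true` without a password is rejected by the `render_api_error!` branch instead of getting a random password, while `true` sent together with a password silently takes the password branch rather than the intended "both set" rejection. Accept the documented spelling as well as the numeric form, e.g. `force_random = %w[1 true].include?(params[:force_random_password].to_s.downcase)`. The random password itself is presumably produced by the model from the `force_random_password` attribute (the admin controller hunk drops its explicit `generate_password` call), which is outside this hunk, so confirm that path also runs for API-created users before relying on `password_expires_at = nil`. The `post do` block's `else` branch and closing `end` continue past the end of the hunk.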