From dfb9f92971c2f4a1810c690dc782c147e73b654b Mon Sep 17 00:00:00 2001
From: Lukas Erlacher
Date: Tue, 28 Oct 2014 21:10:16 +0100
Subject: [PATCH] Extend user add api

- Add force_random_password parameter to have password of new user set randomly and expired
- Remove unneeded password generation calls
- Update docs
---
 CHANGELOG | 1 +
 app/controllers/admin/users_controller.rb | 1 -
 doc/api/users.md | 31 ++++++------
 lib/api/users.rb | 60 ++++++++++++++++-------
 spec/requests/api/users_spec.rb | 4 +-
 5 files changed, 62 insertions(+), 35 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 01ae3562ded..6f2fd6cf9df 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@ v 7.5.0
 - API: Add support for Hipchat (Kevin Houdebert)
 - Add time zone configuration on gitlab.yml (Sullivan Senechal)
+ - Add force_random_password option to user POST api
 - Fix LDAP authentication for Git HTTP access
 - Fix LDAP config lookup for provider 'ldap'
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index baad9095b70..3ac59262241 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -45,7 +45,6 @@ class Admin::UsersController < Admin::ApplicationController
 @user = User.new(user_params.merge(opts))
 @user.created_by_id = current_user.id
- @user.generate_password
 @user.generate_reset_token
 @user.skip_confirmation!
diff --git a/doc/api/users.md b/doc/api/users.md
index 3fdd3a75e88..6c4c142d4e8 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -146,7 +146,7 @@ Parameters:
 ## User creation
-Creates a new user. Note only administrators can create new users.
+Creates a new user. Note only administrators can create new users. If `force_random_password` is set, user is created as if done from the admin control panel.
 ```
 POST /users
@@ -154,20 +154,21 @@ POST /users
 Parameters:
-- `email` (required) - Email
-- `password` (required) - Password
-- `username` (required) - Username
-- `name` (required) - Name
-- `skype` (optional) - Skype ID
-- `linkedin` (optional) - LinkedIn
-- `twitter` (optional) - Twitter account
-- `website_url` (optional) - Website URL
-- `projects_limit` (optional) - Number of projects user can create
-- `extern_uid` (optional) - External UID
-- `provider` (optional) - External provider name
-- `bio` (optional) - User's biography
-- `admin` (optional) - User is admin - true or false (default)
-- `can_create_group` (optional) - User can create groups - true or false
+- `email` (required) - Email
+- `password` (required unless force_random_password is set) - Password
+- `force_random_password` (true/false; required unless password is set) - generate random password for user
+- `username` (required) - Username
+- `name` (required) - Name
+- `skype` (optional) - Skype ID
+- `linkedin` (optional) - LinkedIn
+- `twitter` (optional) - Twitter account
+- `website_url` (optional) - Website URL
+- `projects_limit` (optional) - Number of projects user can create
+- `extern_uid` (optional) - External UID
+- `provider` (optional) - External provider name
+- `bio` (optional) - User's biography
+- `admin` (optional) - User is admin - true or false (default)
+- `can_create_group` (optional) - User can create groups - true or false
 ## User modification
diff --git a/lib/api/users.rb b/lib/api/users.rb
index d07815a8a97..3000fa51b36 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -40,29 +40,55 @@ module API
 # Create user. Available only for admin
 #
 # Parameters:
- # email (required) - Email
- # password (required) - Password
- # name (required) - Name
- # username (required) - Name
- # skype - Skype ID
- # linkedin - Linkedin
- # twitter - Twitter account
- # website_url - Website url
- # projects_limit - Number of projects user can create
- # extern_uid - External authentication provider UID
- # provider - External provider
- # bio - Bio
- # admin - User is admin - true or false (default)
- # can_create_group - User can create groups - true or false
+ # email (required) - Email
+ # password (required unless force_random_password set) - Password
+ # force_random_password (required unless password set) - generate random password for user - true or false
+ # name (required) - Name
+ # username (required) - Name
+ # skype - Skype ID
+ # linkedin - Linkedin
+ # twitter - Twitter account
+ # website_url - Website url
+ # projects_limit - Number of projects user can create
+ # extern_uid - External authentication provider UID
+ # provider - External provider
+ # bio - Bio
+ # admin - User is admin - true or false (default)
+ # can_create_group - User can create groups - true or false
 # Example Request:
 # POST /users
 post do
 authenticated_as_admin!
- required_attributes! [:email, :password, :name, :username]
- attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
- user = User.build_user(attrs)
+
+ required_attributes! [:email, :name, :username]
+ attrs = attributes_for_keys [:email, :name, :skype, :linkedin,
+ :twitter, :projects_limit, :username,
+ :extern_uid, :provider, :bio,
+ :can_create_group, :admin]
+
+ force_random = params[:force_random_password] &&
+ (params[:force_random_password].to_i > 0)
+
+ if params[:password] && !force_random
+ attrs[:password] = params[:password]
+ elsif force_random && !params[:password]
+ attrs[:force_random_password] = true
+ else
+ render_api_error!('Either password or force_random_password'\
+ ' must be set', 400)
+ end
+
 admin = attrs.delete(:admin)
+ user = User.new(attrs)
+
 user.admin = admin unless admin.nil?
+ if force_random
+ user.created_by_id = current_user.id
+ user.password_expires_at = nil
+ user.generate_reset_token
+ user.skip_confirmation!
+ end
+
 if user.save
 present user, with: Entities::UserFull
 else
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index bc1598273be..20c91897dc9 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -145,8 +145,8 @@ describe API::API, api: true do
 '\'_\', optionally preceeded by \'.\'. It must not end in \'.git\'.']
 end
- it "shouldn't available for non admin users" do
- post api("/users", user), attributes_for(:user)
+ it "shouldn't be available for non admin users" do
+ post api('/users', user), attributes_for(:user)
 response.status.should == 403
 end
--
GitLab
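Review bot: `force_random = params[:force_random_password] && (params[:force_random_password].to_i > 0)` rejects the documented value `true`, because `"true".to_i` is 0 in Ruby, so a request sending `force_random_password=true` with no password falls into the `else` branch and gets a 400 even though the comment block in this hunk and doc/api/users.md advertise a true/false flag; parse it as `force_random = %w[1 true].include?(params[:force_random_password].to_s.downcase)` or document that only a positive integer is accepted. `user.password_expires_at = nil` does not obviously implement the commit message's "set randomly and expired": if a nil value means the password never expires in the model, the random password stays valid indefinitely rather than forcing a reset on first login, which is worth confirming. The `else` branch relies on `render_api_error!` halting the request; if it only renders, `User.new(attrs)` on the following lines runs with neither a password nor `force_random_password` set. Passing `attrs[:force_random_password] = true` into `User.new(attrs)` also assumes the model exposes a writer for that key and generates the password itself (the admin controller hunk drops its own `generate_password` call on that assumption). The `post do` block continues past the end of this hunk.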