author Stan Hu <stanhu@gmail.com> 2019-06-27 12:41:51 -0700
committer Stan Hu <stanhu@gmail.com> 2019-06-27 13:25:37 -0700
commit d6f20b55b8048442c06896fb5e2abed2a2e2574b
tree e76b96c49f1a50c80c83b8d29fa36957200247d0
parent e29a51360fb3a2b3f96e697110fd9542d6773880
Add support for creating random passwords in user creation API (sh-add-force-random-password-user-api)
To avoid having to specify an actual password to create users, admins can now use the `force_random_password` parameter to let Devise generate a password. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63826
-rw-r--r-- changelogs/unreleased/sh-add-force-random-password-user-api.yml 5
-rw-r--r-- doc/api/users.md 56
-rw-r--r-- lib/api/users.rb 1
-rw-r--r-- spec/requests/api/users_spec.rb 19
4 files changed, 51 insertions, 30 deletions
diff --git a/changelogs/unreleased/sh-add-force-random-password-user-api.yml b/changelogs/unreleased/sh-add-force-random-password-user-api.yml
new file mode 100644
index 00000000000..29f36978a0f
--- /dev/null
+++ b/changelogs/unreleased/sh-add-force-random-password-user-api.yml
@@ -0,0 +1,5 @@
+---
+title: Add support for creating random passwords in user creation API
+merge_request: 30138
+author:
+type: changed
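Review bot: `type: changed` does not match what the entry describes; the title says support is being added and the rest of the commit introduces a new optional parameter, so `type: added` would classify it more accurately in the release notes.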
diff --git a/doc/api/users.md b/doc/api/users.md
index 4bc0335ae33..4667a985eb9 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -272,7 +272,14 @@ GET /users/:id?with_custom_attributes=true
## User creation
-Creates a new user. Note only administrators can create new users. Either `password` or `reset_password` should be specified (`reset_password` takes priority). If `reset_password` is `false`, then `password` is required.
+Creates a new user. Note only administrators can create new
+users. Either `password`, `reset_password`, or `force_random_password`
+must be specified. If `reset_password` and `force_random_password` are
+both `false`, then `password` is required.
+
+Note that `force_random_password` and `reset_password` take priority
+over `password`. In addition, `reset_password` and
+`force_random_password` can be used together.
```
POST /users
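Review bot: The new paragraph says `force_random_password` on its own satisfies the requirement, but it never says what happens to the generated password: whether it appears in the response, and how the new user is expected to sign in when `reset_password` is `false`. Add a sentence covering that, because an administrator reading this text cannot tell whether the account is reachable without also sending the reset link.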
@@ -280,29 +287,30 @@ POST /users
Parameters:
-- `email` (required) - Email
-- `password` (optional) - Password
-- `reset_password` (optional) - Send user password reset link - true or false(default)
-- `username` (required) - Username
-- `name` (required) - Name
-- `skype` (optional) - Skype ID
-- `linkedin` (optional) - LinkedIn
-- `twitter` (optional) - Twitter account
-- `website_url` (optional) - Website URL
-- `organization` (optional) - Organization name
-- `projects_limit` (optional) - Number of projects user can create
-- `extern_uid` (optional) - External UID
-- `provider` (optional) - External provider name
-- `group_id_for_saml` (optional) - ID of group where SAML has been configured
-- `bio` (optional) - User's biography
-- `location` (optional) - User's location
-- `public_email` (optional) - The public email of the user
-- `admin` (optional) - User is admin - true or false (default)
-- `can_create_group` (optional) - User can create groups - true or false
-- `skip_confirmation` (optional) - Skip confirmation - true or false (default)
-- `external` (optional) - Flags the user as external - true or false(default)
-- `avatar` (optional) - Image file for user's avatar
-- `private_profile` (optional) - User's profile is private - true or false
+- `email` (required) - Email
+- `password` (optional) - Password
+- `reset_password` (optional) - Send user password reset link - true or false (default)
+- `force_random_password` (optional) - Set user password to a random value - true or false (default)
+- `username` (required) - Username
+- `name` (required) - Name
+- `skype` (optional) - Skype ID
+- `linkedin` (optional) - LinkedIn
+- `twitter` (optional) - Twitter account
+- `website_url` (optional) - Website URL
+- `organization` (optional) - Organization name
+- `projects_limit` (optional) - Number of projects user can create
+- `extern_uid` (optional) - External UID
+- `provider` (optional) - External provider name
+- `group_id_for_saml` (optional) - ID of group where SAML has been configured
+- `bio` (optional) - User's biography
+- `location` (optional) - User's location
+- `public_email` (optional) - The public email of the user
+- `admin` (optional) - User is admin - true or false (default)
+- `can_create_group` (optional) - User can create groups - true or false
+- `skip_confirmation` (optional) - Skip confirmation - true or false (default)
+- `external` (optional) - Flags the user as external - true or false(default)
+- `avatar` (optional) - Image file for user's avatar
+- `private_profile` (optional) - User's profile is private - true or false
- `shared_runners_minutes_limit` (optional) - Pipeline minutes quota for this user
- `extra_shared_runners_minutes_limit` (optional) - Extra pipeline minutes quota for this user
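Review bot: Every entry from `email` to `private_profile` is removed and re-added to introduce a single new line, which buries the `force_random_password` entry and rewrites blame for 22 unrelated lines, while the two `shared_runners` entries at the end are left as they were. The cleanup is also incomplete: `reset_password` gains the missing space in `false (default)`, but `external` still reads `true or false(default)`. Either restrict the hunk to the new entry or finish the formatting pass in a separate change.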
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 9ab5fa8d0bd..41418aa216c 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -158,6 +158,7 @@ module API
at_least_one_of :password, :reset_password
requires :name, type: String, desc: 'The name of the user'
requires :username, type: String, desc: 'The username of the user'
+ optional :force_random_password, type: Boolean, desc: 'Flag indicating a random password will be set'
use :optional_attributes
end
post do
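Review bot: The context line `at_least_one_of :password, :reset_password` is left unchanged, so a request that carries only `force_random_password: true` still fails parameter validation, while doc/api/users.md in this same commit states that any one of the three parameters is enough. Add `:force_random_password` to that `at_least_one_of` list so the validation matches the documented contract, and place the new `optional` declaration next to the other password parameters rather than after `username`.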
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index bab1520b960..46925daf40a 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -416,7 +416,6 @@ describe API::Users do
expect(response).to have_gitlab_http_status(201)
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
expect(new_user.admin).to eq(true)
expect(new_user.can_create_group).to eq(true)
end
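Review bot: Removing `expect(new_user).not_to eq(nil)` here and in the hunks that follow is correct, since `User.find` raises instead of returning nil, but it is unrelated to `force_random_password` and accounts for most of this file's diff. Moving the cleanup to its own commit would keep the feature change small enough to review and revert on its own.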
@@ -435,7 +434,6 @@ describe API::Users do
expect(response).to have_gitlab_http_status(201)
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
expect(new_user.admin).to eq(false)
expect(new_user.can_create_group).to eq(false)
end
@@ -445,7 +443,6 @@ describe API::Users do
expect(response).to have_gitlab_http_status(201)
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
expect(new_user.admin).to eq(false)
end
@@ -460,7 +457,6 @@ describe API::Users do
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq nil
expect(new_user.external).to be_falsy
end
@@ -470,7 +466,6 @@ describe API::Users do
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq nil
expect(new_user.external).to be_truthy
end
@@ -482,7 +477,19 @@ describe API::Users do
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
+ expect(new_user.recently_sent_password_reset?).to eq(true)
+ end
+
+ it "creates user with random password" do
+ params = attributes_for(:user, force_random_password: true, reset_password: true)
+ post api('/users', admin), params: params
+
+ expect(response).to have_gitlab_http_status(201)
+
+ user_id = json_response['id']
+ new_user = User.find(user_id)
+
+ expect(new_user.valid_password?(params[:password])).to eq(false)
expect(new_user.recently_sent_password_reset?).to eq(true)
end