aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers/api/users
diff options
context:
space:
mode:
authorJohn Livingston <38844060+JohnXLivingston@users.noreply.github.com>2020-02-17 10:16:52 +0100
committerGitHub <noreply@github.com>2020-02-17 10:16:52 +0100
commit45f1bd72a08998c60a9dd68ff069cea9de39161c (patch)
tree79e484bd7fd38fe97c84fdb00a164534f43941e9 /server/controllers/api/users
parentc5621bd23bce038671cd81149a0aa5e238558b67 (diff)
downloadPeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.tar.gz
PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.tar.zst
PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.zip
Creating a user with an empty password will send an email to let him set his password (#2479)
* Creating a user with an empty password will send an email to let him set his password * Consideration of Chocobozzz's comments * Tips for optional password * API documentation * Fix circular imports * Tests
Diffstat (limited to 'server/controllers/api/users')
-rw-r--r--server/controllers/api/users/index.ts16
1 files changed, 15 insertions, 1 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 0b7012537..98eb2beed 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -2,7 +2,7 @@ import * as express from 'express'
2import * as RateLimit from 'express-rate-limit' 2import * as RateLimit from 'express-rate-limit'
3import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' 3import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
4import { logger } from '../../../helpers/logger' 4import { logger } from '../../../helpers/logger'
5import { getFormattedObjects } from '../../../helpers/utils' 5import { generateRandomString, getFormattedObjects } from '../../../helpers/utils'
6import { WEBSERVER } from '../../../initializers/constants' 6import { WEBSERVER } from '../../../initializers/constants'
7import { Emailer } from '../../../lib/emailer' 7import { Emailer } from '../../../lib/emailer'
8import { Redis } from '../../../lib/redis' 8import { Redis } from '../../../lib/redis'
@@ -197,11 +197,25 @@ async function createUser (req: express.Request, res: express.Response) {
197 adminFlags: body.adminFlags || UserAdminFlag.NONE 197 adminFlags: body.adminFlags || UserAdminFlag.NONE
198 }) as MUser 198 }) as MUser
199 199
200 // NB: due to the validator usersAddValidator, password==='' can only be true if we can send the mail.
201 const createPassword = userToCreate.password === ''
202 if (createPassword) {
203 userToCreate.password = await generateRandomString(20)
204 }
205
200 const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate }) 206 const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate })
201 207
202 auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON())) 208 auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
203 logger.info('User %s with its channel and account created.', body.username) 209 logger.info('User %s with its channel and account created.', body.username)
204 210
211 if (createPassword) {
212 // this will send an email for newly created users, so then can set their first password.
213 logger.info('Sending to user %s a create password email', body.username)
214 const verificationString = await Redis.Instance.setCreatePasswordVerificationString(user.id)
215 const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
216 await Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url)
217 }
218
205 Hooks.runAction('action:api.user.created', { body, user, account, videoChannel }) 219 Hooks.runAction('action:api.user.created', { body, user, account, videoChannel })
206 220
207 return res.json({ 221 return res.json({