diff options
Diffstat (limited to 'server/controllers/api/users/index.ts')
| -rw-r--r-- | server/controllers/api/users/index.ts | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index b960e80c1..98eb2beed 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts | |||
| @@ -2,7 +2,7 @@ import * as express from 'express' | |||
| 2 | import * as RateLimit from 'express-rate-limit' | 2 | import * as RateLimit from 'express-rate-limit' |
| 3 | import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' | 3 | import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' |
| 4 | import { logger } from '../../../helpers/logger' | 4 | import { logger } from '../../../helpers/logger' |
| 5 | import { getFormattedObjects } from '../../../helpers/utils' | 5 | import { generateRandomString, getFormattedObjects } from '../../../helpers/utils' |
| 6 | import { WEBSERVER } from '../../../initializers/constants' | 6 | import { WEBSERVER } from '../../../initializers/constants' |
| 7 | import { Emailer } from '../../../lib/emailer' | 7 | import { Emailer } from '../../../lib/emailer' |
| 8 | import { Redis } from '../../../lib/redis' | 8 | import { Redis } from '../../../lib/redis' |
| @@ -53,8 +53,6 @@ import { Hooks } from '@server/lib/plugins/hooks' | |||
| 53 | 53 | ||
| 54 | const auditLogger = auditLoggerFactory('users') | 54 | const auditLogger = auditLoggerFactory('users') |
| 55 | 55 | ||
| 56 | // FIXME: https://github.com/nfriedly/express-rate-limit/issues/138 | ||
| 57 | // @ts-ignore | ||
| 58 | const loginRateLimiter = RateLimit({ | 56 | const loginRateLimiter = RateLimit({ |
| 59 | windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, | 57 | windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, |
| 60 | max: CONFIG.RATES_LIMIT.LOGIN.MAX | 58 | max: CONFIG.RATES_LIMIT.LOGIN.MAX |
| @@ -199,11 +197,25 @@ async function createUser (req: express.Request, res: express.Response) { | |||
| 199 | adminFlags: body.adminFlags || UserAdminFlag.NONE | 197 | adminFlags: body.adminFlags || UserAdminFlag.NONE |
| 200 | }) as MUser | 198 | }) as MUser |
| 201 | 199 | ||
| 200 | // NB: due to the validator usersAddValidator, password==='' can only be true if we can send the mail. | ||
| 201 | const createPassword = userToCreate.password === '' | ||
| 202 | if (createPassword) { | ||
| 203 | userToCreate.password = await generateRandomString(20) | ||
| 204 | } | ||
| 205 | |||
| 202 | const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate }) | 206 | const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate }) |
| 203 | 207 | ||
| 204 | auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON())) | 208 | auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON())) |
| 205 | logger.info('User %s with its channel and account created.', body.username) | 209 | logger.info('User %s with its channel and account created.', body.username) |
| 206 | 210 | ||
| 211 | if (createPassword) { | ||
| 212 | // this will send an email for newly created users, so then can set their first password. | ||
| 213 | logger.info('Sending to user %s a create password email', body.username) | ||
| 214 | const verificationString = await Redis.Instance.setCreatePasswordVerificationString(user.id) | ||
| 215 | const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString | ||
| 216 | await Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url) | ||
| 217 | } | ||
| 218 | |||
| 207 | Hooks.runAction('action:api.user.created', { body, user, account, videoChannel }) | 219 | Hooks.runAction('action:api.user.created', { body, user, account, videoChannel }) |
| 208 | 220 | ||
| 209 | return res.json({ | 221 | return res.json({ |