Diffstat (limited to 'server/controllers/api/users/index.ts')
-rw-r--r--server/controllers/api/users/index.ts18
1 files changed, 15 insertions, 3 deletions
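diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index b960e80c1..98eb2beed 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -2,7 +2,7 @@ import * as express from 'express'
 import * as RateLimit from 'express-rate-limit'
 import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
-import { getFormattedObjects } from '../../../helpers/utils'
+import { generateRandomString, getFormattedObjects } from '../../../helpers/utils'
 import { WEBSERVER } from '../../../initializers/constants'
 import { Emailer } from '../../../lib/emailer'
 import { Redis } from '../../../lib/redis'
@@ -53,8 +53,6 @@ import { Hooks } from '@server/lib/plugins/hooks'
 
 const auditLogger = auditLoggerFactory('users')
 
-// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
-// @ts-ignore
 const loginRateLimiter = RateLimit({
  windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
  max: CONFIG.RATES_LIMIT.LOGIN.MAX
@@ -199,11 +197,25 @@ async function createUser (req: express.Request, res: express.Response) {
  adminFlags: body.adminFlags || UserAdminFlag.NONE
  }) as MUser
 
+ // NB: due to the validator usersAddValidator, password==='' can only be true if we can send the mail.
+ const createPassword = userToCreate.password === ''
+ if (createPassword) {
+ userToCreate.password = await generateRandomString(20)
+ }
+
  const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate })
 
  auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account created.', body.username)
 
+ if (createPassword) {
+ // this will send an email for newly created users, so then can set their first password.
+ logger.info('Sending to user %s a create password email', body.username)
+ const verificationString = await Redis.Instance.setCreatePasswordVerificationString(user.id)
+ const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
+ await Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url)
+ }
+
  Hooks.runAction('action:api.user.created', { body, user, account, videoChannel })
 
  return res.json({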
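Review bot: In createUser the account is persisted with the generated placeholder password before the verification string and the email job are created (new lines 211-217), so if `setCreatePasswordVerificationString` or `addPasswordCreateEmailJob` rejects, the request fails after the user already exists with a password nobody knows, and the `action:api.user.created` hook is skipped. Consider catching a failure of that step and reporting it through `logger.error`, so an administrator can fall back to an ordinary password reset instead of retrying the creation against a username that is now taken. The placeholder is also a live credential until the user sets their own password, and the hunk does not show how `generateRandomString` produces it; a comment such as `// placeholder password stays valid until the user sets one: generateRandomString must be backed by a CSPRNG` above new line 203 would record that assumption next to the existing NB about usersAddValidator. createUser starts and ends outside this hunk, so how errors thrown here are handled by the caller is not visible.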