Diffstat (limited to 'server/controllers/api/users/index.ts')
-rw-r--r-- | server/controllers/api/users/index.ts | 18 |
1 files changed, 15 insertions, 3 deletions
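diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index b960e80c1..98eb2beed 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -2,7 +2,7 @@ import * as express from 'express'
 import * as RateLimit from 'express-rate-limit'
 import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
-import { getFormattedObjects } from '../../../helpers/utils'
+import { generateRandomString, getFormattedObjects } from '../../../helpers/utils'
 import { WEBSERVER } from '../../../initializers/constants'
 import { Emailer } from '../../../lib/emailer'
 import { Redis } from '../../../lib/redis'
@@ -53,8 +53,6 @@ import { Hooks } from '@server/lib/plugins/hooks'
 
 const auditLogger = auditLoggerFactory('users')
 
-// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
-// @ts-ignore
 const loginRateLimiter = RateLimit({
 windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
 max: CONFIG.RATES_LIMIT.LOGIN.MAX
@@ -199,11 +197,25 @@ async function createUser (req: express.Request, res: express.Response) {
 adminFlags: body.adminFlags || UserAdminFlag.NONE
 }) as MUser
 
+// NB: due to the validator usersAddValidator, password==='' can only be true if we can send the mail.
+const createPassword = userToCreate.password === ''
+if (createPassword) {
+userToCreate.password = await generateRandomString(20)
+}
+
 const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate })
 
 auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
 logger.info('User %s with its channel and account created.', body.username)
 
+if (createPassword) {
+// this will send an email for newly created users, so then can set their first password.
+logger.info('Sending to user %s a create password email', body.username)
+const verificationString = await Redis.Instance.setCreatePasswordVerificationString(user.id)
+const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
+await Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url)
+}
+
 Hooks.runAction('action:api.user.created', { body, user, account, videoChannel })
 
 return res.json({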
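Review bot: In createUser, the account is already persisted by `createUserAccountAndChannelAndPlaylist` when the new `if (createPassword)` block (new lines 211-217) awaits `setCreatePasswordVerificationString` and `addPasswordCreateEmailJob`. If either call rejects, the request fails before `Hooks.runAction` and `res.json`, yet the user exists with a random password nobody knows and no link was sent. I would wrap that block in a try/catch that logs the failure with `logger.error`, or document above it that an admin must then trigger a password reset for the account. Separately, the placeholder from `generateRandomString(20)` is the account's only credential until the link is used, and that helper's implementation and the verification string's lifetime are outside this diff; a comment such as `// placeholder password: generateRandomString must be CSPRNG-backed` would record the assumption. createUser starts and ends outside the hunk.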