From 45f1bd72a08998c60a9dd68ff069cea9de39161c Mon Sep 17 00:00:00 2001 From: John Livingston <38844060+JohnXLivingston@users.noreply.github.com> Date: Mon, 17 Feb 2020 10:16:52 +0100 Subject: Creating a user with an empty password will send an email to let him set his password (#2479) * Creating a user with an empty password will send an email to let him set his password * Consideration of Chocobozzz's comments * Tips for optional password * API documentation * Fix circular imports * Tests --- server/controllers/api/users/index.ts | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'server/controllers/api/users/index.ts') diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index 0b7012537..98eb2beed 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts @@ -2,7 +2,7 @@ import * as express from 'express' import * as RateLimit from 'express-rate-limit' import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' import { logger } from '../../../helpers/logger' -import { getFormattedObjects } from '../../../helpers/utils' +import { generateRandomString, getFormattedObjects } from '../../../helpers/utils' import { WEBSERVER } from '../../../initializers/constants' import { Emailer } from '../../../lib/emailer' import { Redis } from '../../../lib/redis' @@ -197,11 +197,25 @@ async function createUser (req: express.Request, res: express.Response) { adminFlags: body.adminFlags || UserAdminFlag.NONE }) as MUser + // NB: due to the validator usersAddValidator, password==='' can only be true if we can send the mail. + const createPassword = userToCreate.password === '' + if (createPassword) { + userToCreate.password = await generateRandomString(20) + } + const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ userToCreate: userToCreate }) auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON())) logger.info('User %s with its channel and account created.', body.username) + if (createPassword) { + // this will send an email for newly created users, so then can set their first password. + logger.info('Sending to user %s a create password email', body.username) + const verificationString = await Redis.Instance.setCreatePasswordVerificationString(user.id) + const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString + await Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url) + } + Hooks.runAction('action:api.user.created', { body, user, account, videoChannel }) return res.json({ -- cgit v1.2.3