Merge branch '25802-fix-user-creation-with-force-random-password' into 'master'

Fix force_random_password option in Users API See merge request gitlab-org/gitlab!57751

Merge branch '25802-fix-user-creation-with-force-random-password' into 'master'
Fix force_random_password option in Users API See merge request gitlab-org/gitlab!57751
26f0d7db · Dylan Griffith · 7c7d964b · 89ac4baf · 26f0d7db · 26f0d7db
Commit 26f0d7db authored Mar 31, 2021 by Dylan Griffith
3 changed files
--- a/changelogs/unreleased/25802-fix-user-creation-with-force-random-password.yml
+++ b/changelogs/unreleased/25802-fix-user-creation-with-force-random-password.yml
+---
+title: Fix force_random_password option when creating Users via API
+merge_request: 57751
+author:
+type: fixed
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -231,7 +231,7 @@ module API
        optional :password, type: String, desc: 'The password of the new user'
        optional :reset_password, type: Boolean, desc: 'Flag indicating the user will be sent a password reset token'
        optional :skip_confirmation, type: Boolean, desc: 'Flag indicating the account is confirmed'
-        at_least_one_of :password, :reset_password
+        at_least_one_of :password, :reset_password, :force_random_password
        requires :name, type: String, desc: 'The name of the user'
        requires :username, type: String, desc: 'The username of the user'
        optional :force_random_password, type: Boolean, desc: 'Flag indicating a random password will be set'

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -928,7 +928,8 @@ RSpec.describe API::Users do
    end

    it "creates user with random password" do
-      params = attributes_for(:user, force_random_password: true, reset_password: true)
+      params = attributes_for(:user, force_random_password: true)
+      params.delete(:password)
      post api('/users', admin), params: params

      expect(response).to have_gitlab_http_status(:created)
@@ -936,8 +937,7 @@ RSpec.describe API::Users do
      user_id = json_response['id']
      new_user = User.find(user_id)

-      expect(new_user.valid_password?(params[:password])).to eq(false)
-      expect(new_user.recently_sent_password_reset?).to eq(true)
+      expect(new_user.encrypted_password).to be_present
    end

    it "creates user with private profile" do