Commit c29857ac authored by Dmitriy Zaporozhets

Merge branch 'new_user_password_set' into 'master'

Admin created user should get password reset link instead of mailed temporary password

Fixes #1405

See merge request !973
parents 945dd627 c0a95947
...@@ -39,12 +39,13 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -39,12 +39,13 @@ class Admin::UsersController < Admin::ApplicationController
def create def create
opts = { opts = {
force_random_password: true, force_random_password: true,
password_expires_at: Time.now password_expires_at: nil
} }
@user = User.new(user_params.merge(opts)) @user = User.new(user_params.merge(opts))
@user.created_by_id = current_user.id @user.created_by_id = current_user.id
@user.generate_password @user.generate_password
@user.generate_reset_token
@user.skip_confirmation! @user.skip_confirmation!
respond_to do |format| respond_to do |format|
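Review bot: The `password_expires_at: nil` entry in `opts` deserves a comment, because it drops the forced change on first login that `Time.now` provided, and the new flow relies on the random password never being disclosed to anyone. Something like `# No expiry: the generated password is never shown; the user sets their own through the reset link` above the hash would make that explicit. It would also help to note beside `@user.generate_reset_token` that it has to run before the save, since the create hook in the User hunk on this page appears to read the raw token from the same instance. The body of `create` continues outside the hunk.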
......
module Emails module Emails
module Profile module Profile
def new_user_email(user_id, password) def new_user_email(user_id, password, token = nil)
@user = User.find(user_id) @user = User.find(user_id)
@password = password @password = password
@target_url = user_url(@user) @target_url = user_url(@user)
@token = token
mail(to: @user.email, subject: subject("Account was created for you")) mail(to: @user.email, subject: subject("Account was created for you"))
end end
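Review bot: `new_user_email` still takes the plaintext `password` and assigns `@password`, although both mail templates changed in this commit stop rendering it. Keeping the argument means `NotificationService#new_user` continues to hand `user.password` to the mailer, and if delivery is queued (not visible here) that value would be serialized along with the job arguments. Consider removing the `@password = password` assignment and passing `nil` from the service until the signature can be changed, e.g. `mailer.new_user_email(user.id, nil, token)`. The `subject` call in the Notify spec would need the same adjustment.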
......
...@@ -240,6 +240,15 @@ class User < ActiveRecord::Base ...@@ -240,6 +240,15 @@ class User < ActiveRecord::Base
end end
end end
def generate_reset_token
@reset_token, enc = Devise.token_generator.generate(self.class, :reset_password_token)
self.reset_password_token = enc
self.reset_password_sent_at = Time.now.utc
@reset_token
end
def namespace_uniq def namespace_uniq
namespace_name = self.username namespace_name = self.username
if Namespace.find_by(path: namespace_name) if Namespace.find_by(path: namespace_name)
...@@ -488,7 +497,7 @@ class User < ActiveRecord::Base ...@@ -488,7 +497,7 @@ class User < ActiveRecord::Base
def post_create_hook def post_create_hook
log_info("User \"#{self.name}\" (#{self.email}) was created") log_info("User \"#{self.name}\" (#{self.email}) was created")
notification_service.new_user(self) notification_service.new_user(self, @reset_token)
system_hook_service.execute_hooks_for(self, :create) system_hook_service.execute_hooks_for(self, :create)
end end
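Review bot: `generate_reset_token` needs a short doc comment, because it is easy to misuse: it returns the raw token, persists only the digest in `reset_password_token`, and keeps the raw value in `@reset_token` for `post_create_hook` to pick up. Proposed: `# Returns the raw reset token; only its digest is stored. The raw value lives in @reset_token on this instance only and must not be logged or persisted.` Setting `reset_password_sent_at` here also starts Devise's `reset_password_within` window at account creation, so the invitation link expires on the same schedule as an ordinary password reset; the configured value is not visible on this page, and the comment should say so. Both methods sit in a class whose body extends beyond these hunks.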
......
...@@ -105,9 +105,9 @@ class NotificationService ...@@ -105,9 +105,9 @@ class NotificationService
end end
# Notify new user with email after creation # Notify new user with email after creation
def new_user(user) def new_user(user, token = nil)
# Don't email omniauth created users # Don't email omniauth created users
mailer.new_user_email(user.id, user.password) unless user.extern_uid? mailer.new_user_email(user.id, user.password, token) unless user.extern_uid?
end end
# Notify users on new note in system # Notify users on new note in system
......
...@@ -31,9 +31,9 @@ ...@@ -31,9 +31,9 @@
= f.label :password, class: 'control-label' = f.label :password, class: 'control-label'
.col-sm-10 .col-sm-10
%strong %strong
A temporary password will be generated and sent to user. Reset link will be generated and sent to the user.
%br %br
User will be forced to change it after first sign in User will be forced to set the password on first sign in.
- else - else
%fieldset %fieldset
%legend Password %legend Password
......
...@@ -11,11 +11,4 @@ ...@@ -11,11 +11,4 @@
- if @user.created_by_id - if @user.created_by_id
%p %p
password.................................. = link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token)
%code= @password
%p
You will be forced to change this password immediately after login.
%p
= link_to "Click here to login", root_url
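Review bot: The set-password link is rendered whenever `@user.created_by_id` is present, but `@token` defaults to `nil` in `new_user_email`, so a user created with `created_by_id` by any path that did not call `generate_reset_token` would receive a link with an empty `reset_password_token` that cannot work. Only the admin controller is shown calling `generate_reset_token`; other creation paths are not visible on this page. Guarding on the token keeps the mail coherent: `- if @user.created_by_id && @token`. The text template's `<% if @user.created_by_id %>` has the same condition.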
...@@ -4,10 +4,5 @@ The Administrator created an account for you. Now you are a member of the compan ...@@ -4,10 +4,5 @@ The Administrator created an account for you. Now you are a member of the compan
login.................. <%= @user.email %> login.................. <%= @user.email %>
<% if @user.created_by_id %> <% if @user.created_by_id %>
password............... <%= @password %> <%= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) %>
You will be forced to change this password immediately after login.
<% end %> <% end %>
Click here to login: <%= url_for(root_url) %>
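Review bot: `link_to` in this template emits an HTML `<a>` element, and the surrounding dotted `login....` layout suggests this is the plain-text part of the mail, where the markup would appear literally around the token URL. If that is the case, print the bare URL instead: `Set your password: <%= edit_password_url(@user, reset_password_token: @token) %>`. The spec only matches the URL substring, so it would pass either way and would not catch this.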
...@@ -43,7 +43,7 @@ describe Notify do ...@@ -43,7 +43,7 @@ describe Notify do
let(:example_site_path) { root_path } let(:example_site_path) { root_path }
let(:new_user) { create(:user, email: 'newguy@example.com', created_by_id: 1) } let(:new_user) { create(:user, email: 'newguy@example.com', created_by_id: 1) }
subject { Notify.new_user_email(new_user.id, new_user.password) } subject { Notify.new_user_email(new_user.id, new_user.password, 'kETLwRaayvigPq_x3SNM') }
it_behaves_like 'an email sent from GitLab' it_behaves_like 'an email sent from GitLab'
...@@ -59,8 +59,12 @@ describe Notify do ...@@ -59,8 +59,12 @@ describe Notify do
should have_body_text /#{new_user.email}/ should have_body_text /#{new_user.email}/
end end
it 'contains the new user\'s password' do it 'contains the password text' do
should have_body_text /password/ should have_body_text /Click here to set your password/
end
it 'includes a link for user to set password' do
should have_body_text 'http://localhost/users/password/edit?reset_password_token=kETLwRaayvigPq_x3SNM'
end end
it 'includes a link to the site' do it 'includes a link to the site' do
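Review bot: Nothing in these examples asserts that the generated password is absent from the mail body, which is the property this commit is meant to establish. A negative example next to 'contains the password text' would pin it: `it 'does not contain the new user\'s password' do`, `should_not have_body_text new_user.password`, `end`. The hard-coded token `'kETLwRaayvigPq_x3SNM'` is passed straight to the mailer, so the spec also leaves the `token = nil` default uncovered.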
......