Add support for creating random passwords in user creation API

To avoid having to specify an actual password to create users, admins can now use the `force_random_password` parameter to let Devise generate a password. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63826

Add support for creating random passwords in user creation API
To avoid having to specify an actual password to create users, admins can now use the `force_random_password` parameter to let Devise generate a password. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63826
d6f20b55 · Stan Hu · e29a5136 · d6f20b55 · d6f20b55 · d6f20b55
Commit d6f20b55 authored Jun 27, 2019 by Stan Hu
4 changed files
--- a/changelogs/unreleased/sh-add-force-random-password-user-api.yml
+++ b/changelogs/unreleased/sh-add-force-random-password-user-api.yml
+---
+title: Add support for creating random passwords in user creation API
+merge_request: 30138
+author:
+type: changed
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -272,7 +272,14 @@ GET /users/:id?with_custom_attributes=true

 ## User creation

-Creates a new user. Note only administrators can create new users. Either `password` or `reset_password` should be specified (`reset_password` takes priority). If `reset_password` is `false`, then `password` is required.
+Creates a new user. Note only administrators can create new
+users. Either `password`, `reset_password`, or `force_random_password`
+must be specified. If `reset_password` and `force_random_password` are
+both `false`, then `password` is required.
+
+Note that `force_random_password` and `reset_password` take priority
+over `password`. In addition, `reset_password` and
+`force_random_password` can be used together.

 ```
 POST /users
@@ -282,7 +289,8 @@ Parameters:

 - `email` (required)                 - Email
 - `password` (optional)              - Password
- `reset_password` (optional)    - Send user password reset link - true or false(default)
+- `reset_password` (optional)        - Send user password reset link - true or false (default)
+- `force_random_password` (optional) - Set user password to a random value - true or false (default)
 - `username` (required)              - Username
 - `name` (required)                  - Name
 - `skype` (optional)                 - Skype ID

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -158,6 +158,7 @@ module API
        at_least_one_of :password, :reset_password
        requires :name, type: String, desc: 'The name of the user'
        requires :username, type: String, desc: 'The username of the user'
+        optional :force_random_password, type: Boolean, desc: 'Flag indicating a random password will be set'
        use :optional_attributes
      end
      post do

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -416,7 +416,6 @@ describe API::Users do
      expect(response).to have_gitlab_http_status(201)
      user_id = json_response['id']
      new_user = User.find(user_id)
-      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(true)
      expect(new_user.can_create_group).to eq(true)
    end
@@ -435,7 +434,6 @@ describe API::Users do
      expect(response).to have_gitlab_http_status(201)
      user_id = json_response['id']
      new_user = User.find(user_id)
-      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(false)
      expect(new_user.can_create_group).to eq(false)
    end
@@ -445,7 +443,6 @@ describe API::Users do
      expect(response).to have_gitlab_http_status(201)
      user_id = json_response['id']
      new_user = User.find(user_id)
-      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(false)
    end

@@ -460,7 +457,6 @@ describe API::Users do

      user_id = json_response['id']
      new_user = User.find(user_id)
-      expect(new_user).not_to eq nil
      expect(new_user.external).to be_falsy
    end

@@ -470,7 +466,6 @@ describe API::Users do

      user_id = json_response['id']
      new_user = User.find(user_id)
-      expect(new_user).not_to eq nil
      expect(new_user.external).to be_truthy
    end

@@ -482,7 +477,19 @@ describe API::Users do
      user_id = json_response['id']
      new_user = User.find(user_id)

-      expect(new_user).not_to eq(nil)
+      expect(new_user.recently_sent_password_reset?).to eq(true)
+    end
+
+    it "creates user with random password" do
+      params = attributes_for(:user, force_random_password: true, reset_password: true)
+      post api('/users', admin), params: params
+
+      expect(response).to have_gitlab_http_status(201)
+
+      user_id = json_response['id']
+      new_user = User.find(user_id)
+
+      expect(new_user.valid_password?(params[:password])).to eq(false)
      expect(new_user.recently_sent_password_reset?).to eq(true)
    end