user creation api extension: Added temp password feature from admin ui into users api call

Created by: duk3luk3

This pull request

• fixes outdated comments in the POST /users api call
• adds the parameter expired_password to the call which if set will cause the password to be set expired
• adds the parameter force_random_password to the call which if set will cause the password to be randomly generated

To properly handle the more complex logic needed to make this change backwards-compatible and robust, some code had to be added. Comments were inserted where expedient.

I believe it is self-evident that adding the "generate temp password" feature that is already in the admin ui to the api call is useful. It enables for example batch-adding users with random passwords.

spec/requests/api/users_spec.rb

@@ -71,26 +71,26 @@ describe API::API do
     end
     it "should not create user with invalid email" do
-      post api("/users", admin), { email: "invalid email", password: 'password' }
+      post api("/users", admin), { email: "invalid email", password: 'password', name: "T. User", username: "testuser" }
       response.status.should == 400
     end
     it "should return 400 error if password or force_random_password not given" do
-      post api("/users", admin), { email: 'test@example.com' }
+      post api("/users", admin), { email: 'test@example.com', name: "T. User", username: "testuser" }
       response.status.should == 400
     end
     it "should return 400 error if both password and force_random_password are set" do
-      post api("/users", admin), { password: 'password', force_random_password: '1' }
+      post api("/users", admin), { password: 'password', force_random_password: '1', email: 'test@example.com', name: "T. User", username: "testuser"   }
       response.status.should == 400
     end
     it "should return 400 error if email not given" do
-      post api("/users", admin), { password: 'pass1234' }
+      post api("/users", admin), { password: 'pass1234', name: "T. User", username: "testuser"  }
       response.status.should == 400
     end
-    it "shouldn't available for non admin users" do
+    it "shouldn't be available for non admin users" do
       post api("/users", user), attributes_for(:user)
       response.status.should == 403
     end