Skip to content

Extend user add api to allow adding users like from admin panel

Created by: duk3luk3

  • Add force_random_password parameter to have password of new user set randomly and expired
  • Update docs
  • Update tests

Rationale:

  • When adding a user from the admin panel (Admin Area -> New user), the user is created with a random, expired password and in the welcome email, is directed to (re)set their password
  • The user creation API call right now only allows for a password to be set that is supplied by the API caller
  • Creating a user with a random expired password from the API is a desireable feature for e.g. batch-adding users without handling password distribution
  • This PR adds that feature

This is a remake of my old PR that was abandoned since things about how user registration/signup works were expected to change soon. Since it's been a year and the PR is still applicable, I'm resubmitting it. I've heavily polished and simplified it.

It simply adds a new parameter to the /users POST api call that allows to trigger identical behaviour to adding users from the admin panel: Setting the newly signed up user as already confirmed and with an expired password, resulting in a "You have been added to Gitlab, click here to set a password" email.

As a bonus, I've also fixed two tests for that API call that were succeeding for the wrong reasons.

Merge request reports

Loading