diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index 0443e8b89eff2352ef35f6bb1e03a73661090c68..f63df27eebd1f92382b82bb298b32cc06739e9d1 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -39,12 +39,13 @@ class Admin::UsersController < Admin::ApplicationController def create opts = { force_random_password: true, - password_expires_at: Time.now + password_expires_at: nil } @user = User.new(user_params.merge(opts)) @user.created_by_id = current_user.id @user.generate_password + @user.generate_reset_token @user.skip_confirmation! respond_to do |format| diff --git a/app/mailers/emails/profile.rb b/app/mailers/emails/profile.rb index f02d95fd557736b6a58887cf28bbff87c311ede2..f8a7d133d1d1861cf7bd43745b7e5b410188efc6 100644 --- a/app/mailers/emails/profile.rb +++ b/app/mailers/emails/profile.rb @@ -1,9 +1,10 @@ module Emails module Profile - def new_user_email(user_id, password) + def new_user_email(user_id, password, token = nil) @user = User.find(user_id) @password = password @target_url = user_url(@user) + @token = token mail(to: @user.email, subject: subject("Account was created for you")) end diff --git a/app/models/user.rb b/app/models/user.rb index 7e3a7262afc7f7b6d910463f5b66bbda1dd6509a..350e30f16186ee2d1c7b59b364956cb0ecf9f8f8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -240,6 +240,15 @@ class User < ActiveRecord::Base end end + def generate_reset_token + @reset_token, enc = Devise.token_generator.generate(self.class, :reset_password_token) + + self.reset_password_token = enc + self.reset_password_sent_at = Time.now.utc + + @reset_token + end + def namespace_uniq namespace_name = self.username if Namespace.find_by(path: namespace_name) @@ -488,7 +497,7 @@ class User < ActiveRecord::Base def post_create_hook log_info("User \"#{self.name}\" (#{self.email}) was created") - notification_service.new_user(self) + notification_service.new_user(self, @reset_token) system_hook_service.execute_hooks_for(self, :create) end diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb index e934c486c7534e5166f243707d5026e788897bf6..36d33e0d7ca85988a97f4fb4d4ce3ab2adba4213 100644 --- a/app/services/notification_service.rb +++ b/app/services/notification_service.rb @@ -105,9 +105,9 @@ class NotificationService end # Notify new user with email after creation - def new_user(user) + def new_user(user, token = nil) # Don't email omniauth created users - mailer.new_user_email(user.id, user.password) unless user.extern_uid? + mailer.new_user_email(user.id, user.password, token) unless user.extern_uid? end # Notify users on new note in system diff --git a/app/views/admin/users/_form.html.haml b/app/views/admin/users/_form.html.haml index d00772d4dfefe30298a454faa6208e493c5e3440..e18dd9bc905d455a9d1b1af91d5990306806302b 100644 --- a/app/views/admin/users/_form.html.haml +++ b/app/views/admin/users/_form.html.haml @@ -31,9 +31,9 @@ = f.label :password, class: 'control-label' .col-sm-10 %strong - A temporary password will be generated and sent to user. + Reset link will be generated and sent to the user. %br - User will be forced to change it after first sign in + User will be forced to set the password on first sign in. - else %fieldset %legend Password diff --git a/app/views/notify/new_user_email.html.haml b/app/views/notify/new_user_email.html.haml index 09518cd3c7fc6b3bda686c84a8e23418ee138518..ebbe98dd472fe38b2ac76d7181b6b9f85ba79b09 100644 --- a/app/views/notify/new_user_email.html.haml +++ b/app/views/notify/new_user_email.html.haml @@ -11,11 +11,4 @@ - if @user.created_by_id %p - password.................................. - %code= @password - - %p - You will be forced to change this password immediately after login. - -%p - = link_to "Click here to login", root_url + = link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) diff --git a/app/views/notify/new_user_email.text.erb b/app/views/notify/new_user_email.text.erb index c21c95d30474ec3dc20d39a2f22142fae02772d7..96b26879a7720820b861fa6109b89574a5c37122 100644 --- a/app/views/notify/new_user_email.text.erb +++ b/app/views/notify/new_user_email.text.erb @@ -4,10 +4,5 @@ The Administrator created an account for you. Now you are a member of the compan login.................. <%= @user.email %> <% if @user.created_by_id %> - password............... <%= @password %> - - You will be forced to change this password immediately after login. + <%= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) %> <% end %> - - -Click here to login: <%= url_for(root_url) %> diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb index d7230ec43416433d144944eefae0a0dbeb1e8344..314b2691c40d31e721cdc62d4d2391e49f8f6025 100644 --- a/spec/mailers/notify_spec.rb +++ b/spec/mailers/notify_spec.rb @@ -43,7 +43,7 @@ describe Notify do let(:example_site_path) { root_path } let(:new_user) { create(:user, email: 'newguy@example.com', created_by_id: 1) } - subject { Notify.new_user_email(new_user.id, new_user.password) } + subject { Notify.new_user_email(new_user.id, new_user.password, 'kETLwRaayvigPq_x3SNM') } it_behaves_like 'an email sent from GitLab' @@ -59,8 +59,12 @@ describe Notify do should have_body_text /#{new_user.email}/ end - it 'contains the new user\'s password' do - should have_body_text /password/ + it 'contains the password text' do + should have_body_text /Click here to set your password/ + end + + it 'includes a link for user to set password' do + should have_body_text 'http://localhost/users/password/edit?reset_password_token=kETLwRaayvigPq_x3SNM' end it 'includes a link to the site' do