Allow admin to create users withoutpassword by sending mail automatically

skjnldsv · skjnldsv · commit 47bae0c6718a · 2018-03-19T08:17:53.000+01:00
Signed-off-by: John Molakvoæ (skjnldsv) &lt;skjnldsv@protonmail.com&gt;
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -50,6 +50,7 @@
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\L10N\IFactory;
+use OCP\Security\ISecureRandom;
 
 class UsersController extends OCSController {
 
@@ -73,6 +74,8 @@ class UsersController extends OCSController {
 	private $newUserMailHelper;
 	/** @var FederatedFileSharingFactory */
 	private $federatedFileSharingFactory;
+	/** @var ISecureRandom */
+	private $secureRandom;
 
 	/**
 	 * @param string $appName
@@ -87,6 +90,7 @@ class UsersController extends OCSController {
 	 * @param IFactory $l10nFactory
 	 * @param NewUserMailHelper $newUserMailHelper
 	 * @param FederatedFileSharingFactory $federatedFileSharingFactory
+	 * @param ISecureRandom $secureRandom
 	 */
 	public function __construct(string $appName,
 								IRequest $request,
@@ -99,7 +103,8 @@ public function __construct(string $appName,
 								ILogger $logger,
 								IFactory $l10nFactory,
 								NewUserMailHelper $newUserMailHelper,
-								FederatedFileSharingFactory $federatedFileSharingFactory) {
+								FederatedFileSharingFactory $federatedFileSharingFactory,
+								ISecureRandom $secureRandom) {
 		parent::__construct($appName, $request);
 
 		$this->userManager = $userManager;
@@ -112,6 +117,7 @@ public function __construct(string $appName,
 		$this->l10nFactory = $l10nFactory;
 		$this->newUserMailHelper = $newUserMailHelper;
 		$this->federatedFileSharingFactory = $federatedFileSharingFactory;
+		$this->secureRandom = $secureRandom;
 	}
 
 	/**
@@ -164,11 +170,12 @@ public function getUsers(string $search = '', $limit = null, $offset = null): Da
 	 *
 	 * @param string $userid
 	 * @param string $password
+	 * @param string $email
 	 * @param array $groups
 	 * @return DataResponse
 	 * @throws OCSException
 	 */
-	public function addUser(string $userid, string $password, array $groups = []): DataResponse {
+	public function addUser(string $userid, string $password = '', $email='', array $groups = []): DataResponse {
 		$user = $this->userSession->getUser();
 		$isAdmin = $this->groupManager->isAdmin($user->getUID());
 		$subAdminManager = $this->groupManager->getSubAdmin();
@@ -193,6 +200,18 @@ public function addUser(string $userid, string $password, array $groups = []): D
 			}
 		}
 
+		$generatePasswordResetToken = false;
+		if ($password === '') {
+			if ($email === '') {
+				throw new OCSException('To send a password link to the user an email address is required.', 108);
+			}
+
+			$password = $this->secureRandom->generate(30);
+			// Make sure we pass the password_policy
+			$password .= $this->secureRandom->generate(2, '$!.,;:-~+*[]{}()');
+			$generatePasswordResetToken = true;
+		}
+
 		try {
 			$newUser = $this->userManager->createUser($userid, $password);
 			$this->logger->info('Successful addUser call with userid: ' . $userid, ['app' => 'ocs_api']);
@@ -202,7 +221,24 @@ public function addUser(string $userid, string $password, array $groups = []): D
 				$this->logger->info('Added userid ' . $userid . ' to group ' . $group, ['app' => 'ocs_api']);
 			}
 
+			// Send new user mail only if a mail is set
+			if ($email !== '') {
+				$newUser->setEMailAddress($email);
+				try {
+					$emailTemplate = $this->newUserMailHelper->generateTemplate($newUser, $generatePasswordResetToken);
+					$this->newUserMailHelper->sendMail($newUser, $emailTemplate);
+				} catch (\Exception $e) {
+					$this->logger->logException($e, [
+						'message' => "Can't send new user mail to $email",
+						'level' => \OCP\Util::ERROR,
+						'app' => 'ocs_api',
+					]);
+					throw new OCSException('Unable to send the invitation mail', 109);
+				}
+			}
+
 			return new DataResponse();
+
 		} catch (HintException $e ) {
 			$this->logger->logException($e, [
 				'message' => 'Failed addUser attempt with hint exception.',
diff --git a/apps/provisioning_api/tests/Controller/UsersControllerTest.php b/apps/provisioning_api/tests/Controller/UsersControllerTest.php
@@ -56,6 +56,7 @@
 use OCP\IUserSession;
 use OCP\L10N\IFactory;
 use OCP\Mail\IMailer;
+use OCP\Security\ISecureRandom;
 use PHPUnit_Framework_MockObject_MockObject;
 use Test\TestCase;
 
@@ -85,6 +86,8 @@ class UsersControllerTest extends TestCase {
 	private $newUserMailHelper;
 	/** @var FederatedFileSharingFactory|\PHPUnit_Framework_MockObject_MockObject */
 	private $federatedFileSharingFactory;
+	/** @var ISecureRandom|\PHPUnit_Framework_MockObject_MockObject */
+	private $secureRandom;
 
 	protected function setUp() {
 		parent::setUp();
@@ -100,6 +103,7 @@ protected function setUp() {
 		$this->l10nFactory = $this->createMock(IFactory::class);
 		$this->newUserMailHelper = $this->createMock(NewUserMailHelper::class);
 		$this->federatedFileSharingFactory = $this->createMock(FederatedFileSharingFactory::class);
+		$this->secureRandom = $this->createMock(ISecureRandom::class);
 
 		$this->api = $this->getMockBuilder(UsersController::class)
 			->setConstructorArgs([
@@ -114,7 +118,8 @@ protected function setUp() {
 				$this->logger,
 				$this->l10nFactory,
 				$this->newUserMailHelper,
-				$this->federatedFileSharingFactory
+				$this->federatedFileSharingFactory,
+				$this->secureRandom
 			])
 			->setMethods(['fillStorageInfo'])
 			->getMock();
@@ -278,7 +283,7 @@ public function testAddUserNonExistingGroup() {
 			->with('NonExistingGroup')
 			->willReturn(false);
 
-		$this->api->addUser('NewUser', 'pass', ['NonExistingGroup']);
+		$this->api->addUser('NewUser', 'pass', '', ['NonExistingGroup']);
 	}
 
 	/**
@@ -320,7 +325,7 @@ public function testAddUserExistingGroupNonExistingGroup() {
 				['NonExistingGroup', false]
 			]));
 
-		$this->api->addUser('NewUser', 'pass', ['ExistingGroup', 'NonExistingGroup']);
+		$this->api->addUser('NewUser', 'pass', '', ['ExistingGroup', 'NonExistingGroup']);
 	}
 
 	public function testAddUserSuccessful() {
@@ -412,7 +417,7 @@ public function testAddUserExistingGroup() {
 				['Added userid NewUser to group ExistingGroup', ['app' => 'ocs_api']]
 			);
 
-		$this->assertEquals([], $this->api->addUser('NewUser', 'PasswordOfTheNewUser', ['ExistingGroup'])->getData());
+		$this->assertEquals([], $this->api->addUser('NewUser', 'PasswordOfTheNewUser', '', ['ExistingGroup'])->getData());
 	}
 
 	/**
@@ -539,7 +544,7 @@ public function testAddUserAsSubAdminValidGroupNotSubAdmin() {
 			->with('ExistingGroup')
 			->willReturn(true);
 
-		$this->api->addUser('NewUser', 'PasswordOfTheNewUser', ['ExistingGroup'])->getData();
+		$this->api->addUser('NewUser', 'PasswordOfTheNewUser', '', ['ExistingGroup'])->getData();
 	}
 
 	public function testAddUserAsSubAdminExistingGroups() {
@@ -630,7 +635,7 @@ public function testAddUserAsSubAdminExistingGroups() {
 			)
 			->willReturn(true);
 
-		$this->assertEquals([], $this->api->addUser('NewUser', 'PasswordOfTheNewUser', ['ExistingGroup1', 'ExistingGroup2'])->getData());
+		$this->assertEquals([], $this->api->addUser('NewUser', 'PasswordOfTheNewUser', '', ['ExistingGroup1', 'ExistingGroup2'])->getData());
 	}
 
 	/**
@@ -2885,7 +2890,8 @@ public function testGetCurrentUserLoggedIn() {
 				$this->logger,
 				$this->l10nFactory,
 				$this->newUserMailHelper,
-				$this->federatedFileSharingFactory
+				$this->federatedFileSharingFactory,
+				$this->secureRandom
 			])
 			->setMethods(['getUserData'])
 			->getMock();
@@ -2947,7 +2953,8 @@ public function testGetUser() {
 				$this->logger,
 				$this->l10nFactory,
 				$this->newUserMailHelper,
-				$this->federatedFileSharingFactory
+				$this->federatedFileSharingFactory,
+				$this->secureRandom
 			])
 			->setMethods(['getUserData'])
 			->getMock();
