Create User via API without Invite
-
wrote on Apr 26, 2018, 8:08 PM last edited by
I'm looking at generating user accounts externally through the API. It looks like even though you can prevent the invite from being sent, the user does eventually have to go to the invite URL and enter a password, is that right? I'm hoping to not have to expose the user to the Cloudron admin interface and rather have them interact directly with the external application. Could I POST data to the invite page directly to complete the creation of the user account?
-
@timmmmyboy I think it's a bit tricky to POST to that invite page because it's an oauth route and depends on sessions. Would it help if we enhanced the current user creation API to take in a password as well?
-
@timmmmyboy I think it's a bit tricky to POST to that invite page because it's an oauth route and depends on sessions. Would it help if we enhanced the current user creation API to take in a password as well?
wrote on Apr 26, 2018, 8:55 PM last edited by@girish Taking a password via the API to bypass the verification process would work perfectly.
-
@timmmmyboy I have added the API, will be part of the next release (sometime next week). If you want to try it out on your Cloudron, you need to apply just the two liner to your Cloudron
/home/yellowtent/box/src/routes/user.jsand thensudo systemctl restart box: -
@timmmmyboy I have added the API, will be part of the next release (sometime next week). If you want to try it out on your Cloudron, you need to apply just the two liner to your Cloudron
/home/yellowtent/box/src/routes/user.jsand thensudo systemctl restart box:wrote on Apr 26, 2018, 11:06 PM last edited by@girish Awesome, works perfectly! Thanks for the super fast turnaround!
-
wrote on Apr 27, 2018, 6:58 PM last edited by stoccafisso Apr 27, 2018, 6:59 PM
Where do the user change their profile/password etc, if they whish/need to?
-
Where do the user change their profile/password etc, if they whish/need to?
wrote on Apr 27, 2018, 7:50 PM last edited by@stoccafisso That's a good point. It looks like we'd need to add 'password' as an option to the Update user call as well
-
Users change their own passwords using the profile api . Currently, there is no way for an admin to set an arbitrary password for an existing user. Instead an admin can 'reset' it using re-invite api .
-
wrote on Apr 27, 2018, 8:11 PM last edited by
Standard users can't generate a token to make that API call though, right?
-
Normal users can create tokens but they don't have access to any call other than the
/api/v1/profile/*routes. Internally, each token has a list of "scopes" (oauth scopes) which indicate what API can be allowed. For normal users, this scope is only theprofilescope. For admin users, it includes all the other API calls.