Create User via API without Invite
-
I'm looking at generating user accounts externally through the API. It looks like even though you can prevent the invite from being sent, the user does eventually have to go to the invite URL and enter a password, is that right? I'm hoping to not have to expose the user to the Cloudron admin interface and rather have them interact directly with the external application. Could I POST data to the invite page directly to complete the creation of the user account?
-
@timmmmyboy I think it's a bit tricky to POST to that invite page because it's an oauth route and depends on sessions. Would it help if we enhanced the current user creation API to take in a password as well?
@girish Taking a password via the API to bypass the verification process would work perfectly.
-
@timmmmyboy I have added the API, will be part of the next release (sometime next week). If you want to try it out on your Cloudron, you need to apply just the two liner to your Cloudron
/home/yellowtent/box/src/routes/user.jsand thensudo systemctl restart box: -
@timmmmyboy I have added the API, will be part of the next release (sometime next week). If you want to try it out on your Cloudron, you need to apply just the two liner to your Cloudron
/home/yellowtent/box/src/routes/user.jsand thensudo systemctl restart box:@girish Awesome, works perfectly! Thanks for the super fast turnaround!
-
Where do the user change their profile/password etc, if they whish/need to?
-
Where do the user change their profile/password etc, if they whish/need to?
@stoccafisso That's a good point. It looks like we'd need to add 'password' as an option to the Update user call as well
-
Users change their own passwords using the profile api. Currently, there is no way for an admin to set an arbitrary password for an existing user. Instead an admin can 'reset' it using re-invite api.
-
Standard users can't generate a token to make that API call though, right?
-
Normal users can create tokens but they don't have access to any call other than the
/api/v1/profile/*routes. Internally, each token has a list of "scopes" (oauth scopes) which indicate what API can be allowed. For normal users, this scope is only theprofilescope. For admin users, it includes all the other API calls.
