Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Create User via API without Invite

Scheduled Pinned Locked Moved Solved Support
10 Posts 3 Posters 873 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • timmmmyboyT Offline
    timmmmyboyT Offline
    timmmmyboy
    wrote on last edited by
    #1

    I'm looking at generating user accounts externally through the API. It looks like even though you can prevent the invite from being sent, the user does eventually have to go to the invite URL and enter a password, is that right? I'm hoping to not have to expose the user to the Cloudron admin interface and rather have them interact directly with the external application. Could I POST data to the invite page directly to complete the creation of the user account?

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #2

    @timmmmyboy I think it's a bit tricky to POST to that invite page because it's an oauth route and depends on sessions. Would it help if we enhanced the current user creation API to take in a password as well?

    timmmmyboyT 1 Reply Last reply
    0
  • timmmmyboyT Offline
    timmmmyboyT Offline
    timmmmyboy
    replied to girish on last edited by
    #3

    @girish Taking a password via the API to bypass the verification process would work perfectly.

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #4

    @timmmmyboy I have added the API, will be part of the next release (sometime next week). If you want to try it out on your Cloudron, you need to apply just the two liner to your Cloudron /home/yellowtent/box/src/routes/user.js and then sudo systemctl restart box:

    https://git.cloudron.io/cloudron/box/commit/7549b3e837c441e2fd8bc2afa142db327c7ad181#934e382c74ab750a4f5bf63011fc52b1cd205ac6

    timmmmyboyT 1 Reply Last reply
    0
  • timmmmyboyT Offline
    timmmmyboyT Offline
    timmmmyboy
    replied to girish on last edited by
    #5

    @girish Awesome, works perfectly! Thanks for the super fast turnaround!

    1 Reply Last reply
    0
  • S Offline
    S Offline
    stoccafisso
    wrote on last edited by stoccafisso
    #6

    Where do the user change their profile/password etc, if they whish/need to?

    timmmmyboyT 1 Reply Last reply
    0
  • timmmmyboyT Offline
    timmmmyboyT Offline
    timmmmyboy
    replied to stoccafisso on last edited by
    #7

    @stoccafisso That's a good point. It looks like we'd need to add 'password' as an option to the Update user call as well

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #8

    Users change their own passwords using the profile api. Currently, there is no way for an admin to set an arbitrary password for an existing user. Instead an admin can 'reset' it using re-invite api.

    1 Reply Last reply
    0
  • timmmmyboyT Offline
    timmmmyboyT Offline
    timmmmyboy
    wrote on last edited by
    #9

    Standard users can't generate a token to make that API call though, right?

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #10

    Normal users can create tokens but they don't have access to any call other than the /api/v1/profile/* routes. Internally, each token has a list of "scopes" (oauth scopes) which indicate what API can be allowed. For normal users, this scope is only the profile scope. For admin users, it includes all the other API calls.

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.