From 411310d698e86bd639b31f2f5a8b856365b4590f Mon Sep 17 00:00:00 2001 From: Giteabot Date: Tue, 19 Dec 2023 11:14:06 +0800 Subject: [PATCH] chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525) Backport #28491 by @appleboy - Modify the `Password` field in `CreateUserOption` struct to remove the `Required` tag - Update the `v1_json.tmpl` template to include the `email` field and remove the `password` field Signed-off-by: Bo-Yi Wu Co-authored-by: Bo-Yi Wu --- modules/structs/admin_user.go | 5 ++--- routers/api/v1/admin/user.go | 32 +++++++++++++++++++++----------- templates/swagger/v1_json.tmpl | 3 +-- 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/modules/structs/admin_user.go b/modules/structs/admin_user.go index 4d679c81d0..f7c6d10ba0 100644 --- a/modules/structs/admin_user.go +++ b/modules/structs/admin_user.go @@ -15,9 +15,8 @@ type CreateUserOption struct { FullName string `json:"full_name" binding:"MaxSize(100)"` // required: true // swagger:strfmt email - Email string `json:"email" binding:"Required;Email;MaxSize(254)"` - // required: true - Password string `json:"password" binding:"Required;MaxSize(255)"` + Email string `json:"email" binding:"Required;Email;MaxSize(254)"` + Password string `json:"password" binding:"MaxSize(255)"` MustChangePassword *bool `json:"must_change_password"` SendNotify bool `json:"send_notify"` Restricted *bool `json:"restricted"` diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 610eba1749..15c0d894e2 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -93,18 +93,28 @@ func CreateUser(ctx *context.APIContext) { if ctx.Written() { return } - if !password.IsComplexEnough(form.Password) { - err := errors.New("PasswordComplexity") - ctx.Error(http.StatusBadRequest, "PasswordComplexity", err) - return - } - pwned, err := password.IsPwned(ctx, form.Password) - if pwned { - if err != nil { - log.Error(err.Error()) + + if u.LoginType == auth.Plain { + if len(form.Password) < setting.MinPasswordLength { + err := errors.New("PasswordIsRequired") + ctx.Error(http.StatusBadRequest, "PasswordIsRequired", err) + return + } + + if !password.IsComplexEnough(form.Password) { + err := errors.New("PasswordComplexity") + ctx.Error(http.StatusBadRequest, "PasswordComplexity", err) + return + } + + pwned, err := password.IsPwned(ctx, form.Password) + if pwned { + if err != nil { + log.Error(err.Error()) + } + ctx.Error(http.StatusBadRequest, "PasswordPwned", errors.New("PasswordPwned")) + return } - ctx.Error(http.StatusBadRequest, "PasswordPwned", errors.New("PasswordPwned")) - return } overwriteDefault := &user_model.CreateUserOverwriteOptions{ diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 73f86bf8a6..644fe6aa26 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -18328,8 +18328,7 @@ "type": "object", "required": [ "username", - "email", - "password" + "email" ], "properties": { "created_at": {