I'm working on a Gitorious-to-GitLab migration using the API, and after the migration the new users will register their own accounts on GitLab, so I'm very much interested in understanding both user creation workflows. In particular, I'd like to avoid sending confirmation emails for users I create using the API if possible. My GitLab install authenticates using our LDAP server, so I don't care about passwords in GitLab or password reset tokens. I'm not a Ruby/RoR expert either, so maybe we can help each other :-)
The exclamation suffix in Ruby usually means "the method will *modify the object it's called on*". It seems the skip_confirmation! method <http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable#skip_confirmation!-instance_method> comes from the Devise gem. I could (with help from some work colleagues) work on a pull request for making user creation behave the same thru the Web UI or the API. The questions we'd need answered by the GitLab team is: 1) do they work differently by design or by accident? 2) in what situations should/could the confirmation email be skipped? Regards, Daniel Serodio On Saturday, February 7, 2015 at 8:47:45 PM UTC-2, Bram Daams wrote: > > Looking at where I think the action happens, it's not a supprise the API > behaves differently. > API: > lib/api/users.rb > <https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/users.rb> > > From line "59: post do" admin access is ensured; required attributes are > checked; user attributes are set and the user is saved, followd by some > error handling. > > > UI: > app/controllers/admin/users_controller.rb > <https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/controllers/admin/users_controller.rb#L41> > > from line "41: def create" the user object is created (probably > automagically filled with the form data) , the created_by_id attribute is > set, then these lines follow: > > @user.generate_password @user.generate_reset_token > @user.skip_confirmation! > > > Causing a password to be generated and a password reset-mail to be sent out, > (skip_confirmation is toggled??) > > > followed by @user.save and some feedback to the admin-role user. > > > I've tried adding the user actions like generate_reset_token in the API code. > Resulting in only one mail being sent: "Account was created for you". But it > does not contain the reset link. > > > So getting closer... > > > I am totally not familiar with Ruby, RoR and the GitLab code base ;-) Anyone > who would like to help? > > > Bests, > > > Bram > > > > Op vrijdag 6 februari 2015 15:23:39 UTC+1 schreef Bram Daams: >> >> No. I'm creating accounts that do not exist in LDAP. My intention is to >> create standard gitlab accounts for people not in our LDAP. >> Just to be sure weather LDAP interferes, I've disabled LDAP and this >> gives the same result. >> >> Bests, >> >> Bram >> >> Op donderdag 5 februari 2015 21:56:33 UTC+1 schreef Daniel Serodio: >>> >>> If you're using LDAP, won't the user's password be the LDAP password? >>> >>> Regards, >>> Daniel Serodio >>> >>> On Wednesday, January 28, 2015 at 2:53:07 PM UTC-2, Bram Daams wrote: >>>> >>>> Hi, >>>> >>>> I'm setting up a registration script that uses the gitlab API to create >>>> gitlab user accounts. >>>> >>>> When I POST the request with the required parameters (email, name, >>>> username, password), two mails are sent: >>>> >>>> ======== >>>> Subject: Confirmation instructions >>>> Body: >>>> Welcome Your name here! >>>> >>>> You can confirm your account through the link below: >>>> >>>> Confirm my account[1] >>>> ======== >>>> >>>> Followed by: >>>> >>>> ======== >>>> Subject: Account was created for you >>>> Body: >>>> Hi Your name here! >>>> >>>> The Administrator created an account for you. Now you are a member of >>>> the company GitLab application. >>>> >>>> login.......................................... [email protected] >>>> >>>> — >>>> View it on GitLab[2] >>>> ======== >>>> >>>> >>>> When John Doe in this example, follows the first confirmation link, >>>> he'll see a >>>> flash message: >>>> "Your account was successfully confirmed. You are now signed in."" >>>> >>>> From there, he can't change his password. Because he doesn't know his >>>> password. >>>> >>>> To get John to work with gitlab. He should: >>>> >>>> - logout. >>>> - Navigate to the standard login form (we have ldap enabled and >>>> that login form is displayed on top) >>>> - click "Forgot your password?" >>>> - fill in his mail address >>>> - check mail >>>> - click the "Change my password" link in the mail. >>>> - Then he can set his password. >>>> >>>> This is quite a contrast compared to an account created by an admin >>>> user: >>>> >>>> Hit the "New User" button in the user overview >>>> >>>> - fill in: name, username, email >>>> - hit create user >>>> - the user gets an email with subject: "Account was created for you" >>>> - the mail contains a link set a password >>>> >>>> Ideally, you want to have the password field optional in the user >>>> create api call. If the password is omitted, the newly create user should >>>> receive just one mail, just like when done manually through the UI. >>>> >>>> Seems like a bug to me. All functionality seems to be thare, but it >>>> looks like the wrong action is triggered. >>>> Am I doing something wrong here? >>>> Is there a work-around? >>>> >>>> Using the latest (7.7.1) omnibus install. >>>> >>>> Bests, >>>> >>>> Bram >>>> >>> -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/f76dd8a7-edde-4e8a-9318-4baa19f35e30%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
