-rw-r--r--src/mailman/rest/docs/users.txt27
-rw-r--r--src/mailman/rest/users.py7
2 files changed, 31 insertions, 3 deletions
diff --git a/src/mailman/rest/docs/users.txt b/src/mailman/rest/docs/users.txt
index d6ac3e4c2..7a5b07254 100644
--- a/src/mailman/rest/docs/users.txt
+++ b/src/mailman/rest/docs/users.txt
@@ -71,7 +71,7 @@ It is also available via the location given in the response.
>>> dump_json('http://localhost:9001/3.0/users/2')
created_on: 2005-08-01T07:49:23
http_etag: "..."
- password: None
+ password: {CLEARTEXT}bbb
real_name: Bart Person
user_id: 2
@@ -81,10 +81,33 @@ them with user ids. Thus, a user can be retrieved via its email address.
>>> dump_json('http://localhost:9001/3.0/users/bart@example.com')
created_on: 2005-08-01T07:49:23
http_etag: "..."
- password: None
+ password: {CLEARTEXT}bbb
real_name: Bart Person
user_id: 2
+Users can be created without a password. A *user friendly* password will be
+assigned to them automatically, but this password will be encrypted and
+therefore cannot be retrieved. It can be reset though.
+::
+
+ >>> transaction.abort()
+ >>> dump_json('http://localhost:9001/3.0/users', {
+ ... 'email': 'cris@example.com',
+ ... 'real_name': 'Cris Person',
+ ... })
+ content-length: 0
+ date: ...
+ location: http://localhost:9001/3.0/users/3
+ server: ...
+ status: 201
+
+ >>> dump_json('http://localhost:9001/3.0/users/3')
+ created_on: 2005-08-01T07:49:23
+ http_etag: "..."
+ password: {CLEARTEXT}...
+ real_name: Cris Person
+ user_id: 3
+
Missing users
=============
diff --git a/src/mailman/rest/users.py b/src/mailman/rest/users.py
index 9a00cecd2..7413a8e19 100644
--- a/src/mailman/rest/users.py
+++ b/src/mailman/rest/users.py
@@ -33,6 +33,8 @@ from mailman.interfaces.address import ExistingAddressError
from mailman.interfaces.usermanager import IUserManager
from mailman.rest.helpers import CollectionMixin, etag, path_to
from mailman.rest.validator import Validator
+from mailman.utilities.passwords import (
+ encrypt_password, make_user_friendly_password)
@@ -86,7 +88,10 @@ class AllUsers(_UserBase):
except ExistingAddressError as error:
return http.bad_request([], b'Address already exists {0}'.format(
error.email))
- # XXX ignore password for now.
+ if password is None:
+ # This will have to be reset since it cannot be retrieved.
+ password = make_user_friendly_password()
+ user.password = encrypt_password(password)
location = path_to('users/{0}'.format(user.user_id))
return http.created(location, [], None)
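Review bot: The `if password is None:` guard lets an empty string through, so a request that supplies a blank `password` would store the encryption of an empty password instead of a generated one; `if not password:` would cover both cases, assuming `password` comes from the request arguments parsed above this hunk. The doctest updated in this commit shows the stored value coming back in the user representation (`password: {CLEARTEXT}bbb`), so whatever `encrypt_password` returns is visible to any client that can read the users resource, and under a cleartext scheme that is the password itself. It is worth confirming that the field belongs in the response at all, or documenting that deployments must configure a salted hashing scheme. The comment could state the intent more fully, e.g. `# No password supplied: store a random one and discard the cleartext, so the user must reset it before logging in.` The enclosing method begins before the hunk.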