Users API is not consistent with docs for force_random_password
Summary
The Users API docs state that you can use any one of password, reset_password, and force_random_password when creating a user.
Either password, reset_password, or force_random_password must be specified. If reset_password and force_random_password are both false, then password is required.
Note that force_random_password and reset_password take priority over password. In addition, reset_password and force_random_password can be used together.
However, the API code, requires one of password or reset_password. https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/api/users.rb#L163
This feature was introduced in gitlab-foss!30138 (merged)
Steps to reproduce
Attempt to create a user with force_random_password set and not reset_password or password.
curl -X POST \
'http://example.com/api/v4/users?private_token=xxxxxxxx' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d '{ "email": "test@example.com",
"username": "testusername",
"name": "testname",
"force_random_password": True
}'What is the current bug behavior?
HTTP Error 400: password, reset_password are missing, at least one parameter must be provided
What is the expected correct behavior?
User is created with a random password.
Possible fixes
It might just be a one line fix to: https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/api/users.rb#L163 adding force_random_password, but I don't know if other code relies on this restriction.
Activity
mentioned in issue gitlab-org/quality/triage-reports#257 (closed)
mentioned in issue #230634 (closed)
mentioned in issue #232355 (closed)
mentioned in issue #233310 (closed)
mentioned in issue #235065 (closed)
added sectiondev label
mentioned in issue #237803 (closed)
added vintage label
Hi @AJDurant
Thanks for raising this bug.
Contributions like this are vital to help make GitLab a better product.
We would be grateful for your help in verifying whether your bug report requires further attention from the team. If you think this bug still exists, and is reproducible with the latest stable version of GitLab, please comment on this issue.
This issue has been inactive for more than 12 months now and based on the policy for inactive bugs, will be closed in 7 days.
Thanks for your contributions to make GitLab better!
added stale label
This was fixed by !57751 (merged)
I'm on latest stable gitlab - 14.1.2 - and the bug is reproducible at least on Rails console.
$ sudo gitlab-rails console -------------------------------------------------------------------------------- Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux] GitLab: 14.1.2 (8c67b499146) FOSS GitLab Shell: 13.19.1 PostgreSQL: 12.6 -------------------------------------------------------------------------------- Loading production environment (Rails 6.1.3.2) irb(main):001:0> a =User.new(name: 'test2', email: '1@1.12', force_random_password: true, username: 'TTest'); => #<User id: @TTest> irb(main):002:0> a.save! Traceback (most recent call last): 1: from (irb):2 ActiveRecord::RecordInvalid (Validation failed: Password can't be blank)
