user password required on creation

2024-11-01 08:21:15 +03:00 · 2015-05-22 15:31:13 -04:00 · 2015-05-22 15:31:13 -04:00 · ec456c4e8b
commit ec456c4e8b
parent 39b051346a
2 changed files with 15 additions and 3 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -594,6 +594,10 @@ class UserSerializer(BaseSerializer):

    def restore_object(self, attrs, instance=None):
        new_password = attrs.pop('password', None)
+        # first time creating, password required
+        if instance is None and new_password in (None, ''):
+            self._errors = {'password': ['Password required for new User']}
+            return
        instance = super(UserSerializer, self).restore_object(attrs, instance)
        instance._new_password = new_password
        return instance
@ -655,6 +659,9 @@ class UserSerializer(BaseSerializer):
    def validate_is_superuser(self, attrs, source):
        return self._validate_ldap_managed_field(attrs, source)

+    def validate_password(self, attrs, source):
+        return attrs
+

 class OrganizationSerializer(BaseSerializer):

--- a/awx/main/tests/users.py
+++ b/awx/main/tests/users.py
@ -119,11 +119,16 @@ class UsersTest(BaseTest):
        self.organizations[0].users.add(self.other_django_user)
        self.organizations[0].users.add(self.normal_django_user)
        self.organizations[1].users.add(self.other_django_user)
+
+    def test_user_creation_fails_without_password(self):
+        url = reverse('api:user_list')
+        new_user = dict(username='blippy')
+        response = self.post(url, expect=400, data=new_user, auth=self.get_super_credentials())
 
    def test_only_super_user_or_org_admin_can_add_users(self):
        url = reverse('api:user_list')
-        new_user = dict(username='blippy')
-        new_user2 = dict(username='blippy2')
+        new_user = dict(username='blippy', password='hippy')
+        new_user2 = dict(username='blippy2', password='hippy2')
        self.post(url, expect=401, data=new_user, auth=None)
        self.post(url, expect=401, data=new_user, auth=self.get_invalid_credentials())
        self.post(url, expect=403, data=new_user, auth=self.get_other_credentials())
@ -138,7 +143,7 @@ class UsersTest(BaseTest):

    def test_only_super_user_can_use_superuser_flag(self):
        url = reverse('api:user_list')
-        new_super_user = dict(username='nommy', is_superuser=True)
+        new_super_user = dict(username='nommy', password='cookie', is_superuser=True)
        self.post(url, expect=401, data=new_super_user, auth=self.get_invalid_credentials())
        self.post(url, expect=403, data=new_super_user, auth=self.get_other_credentials())
        self.post(url, expect=403, data=new_super_user, auth=self.get_normal_credentials())