Add checkbox to user form to set random password and send invitation

Author: manisandro

src/controllers/users_controller.py

@@ -27,7 +27,7 @@ def __init__(self, app, handler, mail):
 
         # send mail
         app.add_url_rule(
-            '/%s/<int:id>/sendmail' % self.base_route, 'sendmail_%s' % self.endpoint_suffix, self.sendmail,
+            '/%s/<int:id>/sendmail' % self.base_route, 'sendmail_%s' % self.endpoint_suffix, self.reset_password_send_invite,
             methods=['GET']
         )
 
@@ -121,13 +121,22 @@ def create_or_update_resources(self, resource, form, session):
             # update existing user
             user = resource
 
+        set_random_password_send_invite = form.set_random_password_send_invite.data
+
         # update user
         user.name = form.name.data
         user.description = form.description.data
         user.email = form.email.data
-        if form.password.data:
-            user.set_password(form.password.data)
-        user.force_password_change = form.force_password_change.data
+
+        if not set_random_password_send_invite:
+            if form.password.data:
+                user.set_password(form.password.data)
+            user.force_password_change = form.force_password_change.data
+        else:
+            password = secrets.token_urlsafe(8).replace('-','0')
+            user.set_password(password)
+            user.force_password_change = True
+
         user.failed_sign_in_count = form.failed_sign_in_count.data or 0
 
         totp_enabled = self.handler().config().get(
@@ -169,8 +178,11 @@ def create_or_update_resources(self, resource, form, session):
             user.roles_collection, form.roles, self.Role, 'id', session
         )
 
-    def sendmail(self, id):
-        """Send mail with access link.
+        if set_random_password_send_invite:
+            self.send_invite(user, password)
+
+    def reset_password_send_invite(self, id):
+        """Resets the password and sends mail with access link.
 
         :param int id: User ID
         """
@@ -197,46 +209,53 @@ def sendmail(self, id):
             user.set_password(password)
             user.force_password_change = True
 
-            app_name = self.handler().config().get("application_name", "QWC")
-            app_url = self.handler().config().get("application_url",
-                os.path.dirname(url_for('home', _external=True).rstrip("/")) + "/"
-            )
+            self.send_invite(user, password)
 
-            locale = os.environ.get('DEFAULT_LOCALE', 'en')
-            try:
-                body = render_template(
-                    '%s/invite_email_body.%s.txt' % (self.templates_dir, locale),
-                    user=user, password=password, app_name=app_name, app_url=app_url
-                )
-            except:
-                body = render_template(
-                    '%s/invite_email_body.en.txt' % (self.templates_dir),
-                    user=user, password=password, app_name=app_name, app_url=app_url
-                )
+            return redirect(url_for(self.base_route))
 
-            try:
-                msg = Message(
-                    i18n('interface.users.mail_subject', [app_name]),
-                    recipients=[user.email]
-                )
-                # set message body from template
-                msg.body = body
+    def send_invite(self, user, password):
+        """Sends mail with access link.
 
-                # send message
-                self.logger.debug(msg)
-                self.mail.send(msg)
-                flash(
-                    i18n('interface.users.send_mail_success'),
-                    'success'
-                )
-            except Exception as e:
-                self.logger.error(
-                    "Could not send mail to user '%s':\n%s" %
-                    (user.email, e)
-                )
-                flash(
-                    i18n('interface.users.send_mail_failure'),
-                    'error'
-                )
+        :param obj user: The user resource
+        """
+        app_name = self.handler().config().get("application_name", "QWC")
+        app_url = self.handler().config().get("application_url",
+            os.path.dirname(url_for('home', _external=True).rstrip("/")) + "/"
+        )
 
-            return redirect(url_for(self.base_route))
+        locale = os.environ.get('DEFAULT_LOCALE', 'en')
+        try:
+            body = render_template(
+                '%s/invite_email_body.%s.txt' % (self.templates_dir, locale),
+                user=user, password=password, app_name=app_name, app_url=app_url
+            )
+        except:
+            body = render_template(
+                '%s/invite_email_body.en.txt' % (self.templates_dir),
+                user=user, password=password, app_name=app_name, app_url=app_url
+            )
+
+        try:
+            msg = Message(
+                i18n('interface.users.mail_subject', [app_name]),
+                recipients=[user.email]
+            )
+            # set message body from template
+            msg.body = body
+
+            # send message
+            self.logger.debug(msg)
+            self.mail.send(msg)
+            flash(
+                i18n('interface.users.send_mail_success'),
+                'success'
+            )
+        except Exception as e:
+            self.logger.error(
+                "Could not send mail to user '%s':\n%s" %
+                (user.email, e)
+            )
+            flash(
+                i18n('interface.users.send_mail_failure'),
+                'error'
+            )

src/forms/user_form.py

@@ -19,6 +19,7 @@ class UserForm(FlaskForm):
     # NOTE: actual subform added in add_custom_fields()
     user_info = FormField(FlaskForm, i18n('interface.users.user_info'), _meta={'csrf': False})
 
+    set_random_password_send_invite = BooleanField(i18n('interface.users.set_random_password_send_invite'))
     password = PasswordField(i18n('interface.users.form_password'))
     password2 = PasswordField(
         i18n('interface.users.form_password_repeat'), validators=[EqualTo('password')])

src/templates/users/form.html

@@ -5,6 +5,33 @@
 {{super()}}
 <script src="{{ url_for('static', filename='js/jquery.multi-select.js') }}"></script>
 <script type="text/javascript">
+  function confirm_send_invitation(ev) {
+    if (!$('#set_random_password_send_invite').prop('checked')) {
+      return true;
+    }
+    let email = $('#email').val();
+    if (!email) {
+      alert('{{ i18n('interface.users.no_user_email').replace("'", "\\'") }}');
+      ev.preventDefault();
+      return false;
+    }
+    let confirm_text = '{{ i18n('interface.users.confirm_sendmail', ['$email$']).replace("'", "\\'") }}';
+    if (!confirm(confirm_text.replace('$email$', email))) {
+      ev.preventDefault();
+      return false;
+    }
+  }
+  function configure_invite_form() {
+    let checked = $('#set_random_password_send_invite').prop('checked');
+    $('#password').attr('disabled', checked);
+    $('#password2').attr('disabled', checked);
+    $('#force_password_change').attr('disabled', checked);
+    if (checked) {
+      $('#submit').val('{{ i18n('interface.users.save_and_send').replace("'", "\\'") }}');
+    } else {
+      $('#submit').val('{{ i18n('interface.common.form_submit').replace("'", "\\'") }}');
+    }
+  }
   $(function() {
     // initialize multi-select
     $('#groups').multiSelectWithSearch({
@@ -15,6 +42,8 @@
       selectableHeader: '<div class="ms-header">{{ i18n('interface.common.roles') }}</div>',
       selectionHeader: '<div class="ms-header">{{ i18n('interface.common.assigned_roles') }}</div>'
     });
+    $('#set_random_password_send_invite').change(configure_invite_form);
+    configure_invite_form();
   });
 </script>
 {% endblock %}
@@ -28,7 +57,7 @@
 {% block container %}
   <h1>{{ title }}</h1>
 
-  <form class="form form-horizontal" action="{{ action }}" method="post">
+  <form class="form form-horizontal" action="{{ action }}" method="post" onsubmit="confirm_send_invitation(event)">
     {% if method != 'POST' %}
       <input type="hidden" name="_method" value="{{method}}" />
     {% endif %}
@@ -48,6 +77,8 @@ <h1>{{ title }}</h1>
     {% endif %}
 
     <legend>{{ i18n('interface.users.authentication') }}</legend>
+    {{ wtf.render_field(form.set_random_password_send_invite, form_type="horizontal", horizontal_columns=('sm', 2, 5)) }}
+
     {{ wtf.render_field(form.password, form_type="horizontal", horizontal_columns=('sm', 2, 5)) }}
     {{ wtf.render_field(form.password2, form_type="horizontal", horizontal_columns=('sm', 2, 5)) }}
     {{ wtf.render_field(form.force_password_change, form_type="horizontal", horizontal_columns=('sm', 2, 5)) }}

src/translations/de.json

@@ -169,9 +169,11 @@
       "new_user": "Neuer Benutzer",
       "no_mail_config": "Keine Absender-E-Mail ist konfiguriert, kann keine Einladungs-E-Mail senden.",
       "no_user_email": "Keine E-Mail für den Benutzer gespeichert, kann keine E-Mail senden.",
+      "save_and_send": "Speicher und Einladung senden",
       "send_mail_failure": "Die Einladungs-E-Mail konnte nicht gesendet werden.",
       "send_mail_success": "Einladungs-E-Mail erfolgreich gesendet.",
-      "sendmail": "Einladung versenden",
+      "sendmail": "Einladung senden",
+      "set_random_password_send_invite": "Zufallspasswort setzten und Einladung senden",
       "title": "Benutzer",
       "user_info": "Benutzerinfo"
     }

src/translations/en.json

@@ -169,9 +169,11 @@
       "new_user": "New user",
       "no_mail_config": "No sender email is configured, cannot send invitation e-mail.",
       "no_user_email": "No email stored for the user, cannot send e-mail.",
+      "save_and_send": "Save and send invitation",
       "send_mail_failure": "Failed to send the invitation e-mail.",
       "send_mail_success": "Invitation e-mail sent successfully.",
       "sendmail": "Send invitation",
+      "set_random_password_send_invite": "Set random password and send invitation mail",
       "title": "Users",
       "user_info": "User info"
     }

src/translations/es.json

@@ -169,9 +169,11 @@
         "new_user": "Nuevo usuario",
         "no_mail_config": "No hay correo remitente configurado, no se puede enviar correo de invitación.",
         "no_user_email": "No hay correo almacenado para el usuario, no se puede enviar correo.",
+        "save_and_send": "Guardar y enviar invitación",
         "send_mail_failure": "Error al enviar el correo de invitación.",
         "send_mail_success": "Correo de invitación enviado exitosamente.",
         "sendmail": "Enviar invitación",
+        "set_random_password_send_invite": "Establecer contraseña aleatoria y enviar correo de invitación",
         "title": "Usuarios",
         "user_info": "Información del usuario"
       }

src/translations/fr.json

@@ -169,9 +169,11 @@
       "new_user": "Nouvel utilisateur",
       "no_mail_config": "Aucun e-mail d'expéditeur n'est configuré, il n'est pas possible d'envoyer un e-mail d'invitation.",
       "no_user_email": "Aucun e-mail n'est enregistré pour l'utilisateur, il ne peut pas envoyer d'e-mail.",
+      "save_and_send": "Enregistrer et envoyer invitation",
       "send_mail_failure": "L'envoi de l'e-mail d'invitation a échoué",
       "send_mail_success": "L'e-mail d'invitation a été envoyé avec succès",
-      "sendmail": "Envoyer une invitation",
+      "sendmail": "Envoyer invitation",
+      "set_random_password_send_invite": "Définir un mot de passe aléatoire et envoyer un e-mail d'invitation",
       "title": "Utilisateurs",
       "user_info": "Information utilisateur"
     }

src/translations/tsconfig.json

@@ -144,6 +144,8 @@
     "interface.users.confirm_message_delete",
     "interface.users.confirm_sendmail",
     "interface.users.force_password_change",
+    "interface.users.save_and_send",
+    "interface.users.set_random_password_send_invite",
     "interface.users.form_email",
     "interface.users.form_email_error",
     "interface.users.form_failed_login",