Update user API to allow creating users without a password.

Review Request #14450 — Created June 4, 2025 and submitted — Latest diff uploaded

Information

Review Board
release-7.x

Reviewers

It's extremely common now to have authentication driven by LDAP/AD
and/or SAML SSO. With this, admins increasingly want to provision users
separately instead of just letting a successful authentication create
the user account.

This change makes it possible to do a POST to the /api/users/ endpoint
without a password set, which will create the user with an unusable
password.

Ran unit tests.

Diff Revision 1 (Latest)

Commits

First Last Summary ID Author
Update user API to allow creating users without a password.
It's extremely common now to have authentication driven by LDAP/AD and/or SAML SSO. With this, admins increasingly want to provision users separately instead of just letting a successful authentication create the user account. This change makes it possible to do a POST to the /api/users/ endpoint without a password set, which will create the user with an unusable password. Testing Done: Ran unit tests.
ebf3e233c1f0e2b4110b70abeb7704b93bf5087f David Trowbridge
reviewboard/webapi/resources/user.py
reviewboard/webapi/tests/test_user.py
Loading...