Story #3153
Updated by Tom Clegg over 10 years ago
Currently, after logging in for the first time (and assuming the user has not been pre-activated), a new user is in the "not invited" state: "wait for us to activate your account". An admin gets notified, and clicks the "Setup user" button on the users>show>admin tab and assigns a username / repository name. New behavior: If apiserver is configured to auto-invite by setting @auto_setup_new_users@, in a before_filter that runs * Send the notification email to the administrator as before @send_admin_notifications@, * Pick a username and repository name automatically (see below) * Do the same stuff the "setup new user" admin button does now: ** Add a repository ** Give the user write access to the repository ** Give the user login access to an existing shell VM (@auto_setup_new_users_with_vm_uuid@ (@auto_setup_vm_uuid@ config variable -- if false, skip this step) ** Add the user to the existing "all users" group * Do not send the "your account is now ready" email to the user during auto-invite. (It will be obvious!) * Send the notification email to the administrator as before, but add a phrase to @new_user.text.erb@ indicating whether the new user has been setup. Pick username / repository name: * use ascii part of the e-mail address before the @ sign if unique. * If not unique, add a number. Use this regular expression to sanitize the username: ** @str.match /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/@ * If it is not already there, this should go into the repository model validation. * If email address is nil or empty or has nothing before the @ sign, skip auto-setup. (Admin will get an email notification saying the new user is not setup -- this is handled by existing code.) Sanity-checking login/repo names (arvados, git, gitolite, gitolite-admin, root, syslog) * System login names are automatically excluded by the script that creates the shell users (it strips any logins that belong to users with ids < 1000). * Rails.configuration.auto_setup_name_blacklist Rails.configuration.auto_setup_repository_name_blacklist ** Default: arvados, git, gitolite, gitolite-admin, root * Rails.configuration.auto_setup_vm_username_blacklist ** Default: arvados, root, syslog * Check blacklist both blacklists from the User auto-setup method while choosing a repository/login name. Defaults for @application.default.yml@: * auto_setup_new_users: false * auto_setup_new_users_with_vm_uuid: auto_setup_vm_uuid: false * auto_setup_new_users_with_repository: false ** Note in application.default.yml that auto_setup_new_users_with_* don't work until you turn on auto_setup_new_users. Notes: * Don't automatically re-setup users who have been unsetup by administrator (implementing as an @after_create@ filter should take care of this) * Don't re-use existing repositories or login usernames. ** Look up permission links (name=can_login, head_uuid=vm_uuid) and check @properties['username']@. If any match, this is not an acceptable name and we need to try again to make a unique name. ** But do re-use existing VM! shell accounts * Document existing @new_users_are_active@ flag in the default config file (this skips the user agreement step)