Creates a new user. @Summary Create new user @ID create-new-user @Security CoderSessionToken @Accept json @Produce json @Tags Users @Param request body codersdk.CreateUserRequestWithOrgs true "Create user request" @Success 201 {object} codersdk.User @Router /api/v2/users [post]
(rw http.ResponseWriter, r *http.Request)
| 434 | // @Success 201 {object} codersdk.User |
| 435 | // @Router /api/v2/users [post] |
| 436 | func (api *API) postUser(rw http.ResponseWriter, r *http.Request) { |
| 437 | ctx := r.Context() |
| 438 | auditor := *api.Auditor.Load() |
| 439 | aReq, commitAudit := audit.InitRequest[database.User](rw, &audit.RequestParams{ |
| 440 | Audit: auditor, |
| 441 | Log: api.Logger, |
| 442 | Request: r, |
| 443 | Action: database.AuditActionCreate, |
| 444 | }) |
| 445 | defer commitAudit() |
| 446 | |
| 447 | var req codersdk.CreateUserRequestWithOrgs |
| 448 | if !httpapi.Read(ctx, rw, r, &req) { |
| 449 | return |
| 450 | } |
| 451 | |
| 452 | // Service accounts must use login_type 'none' and have no password |
| 453 | // or email. |
| 454 | if req.ServiceAccount { |
| 455 | // The client can omit login type for a service account and it will be |
| 456 | // set for them below. But if they request the wrong one, we have to let |
| 457 | // them know. |
| 458 | if req.UserLoginType != "" && req.UserLoginType != codersdk.LoginTypeNone { |
| 459 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 460 | Message: "Service accounts must use login type 'none'.", |
| 461 | }) |
| 462 | return |
| 463 | } |
| 464 | if req.Password != "" { |
| 465 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 466 | Message: "Password cannot be set for service accounts.", |
| 467 | }) |
| 468 | return |
| 469 | } |
| 470 | if req.Email != "" { |
| 471 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 472 | Message: "Email cannot be set for service accounts.", |
| 473 | }) |
| 474 | return |
| 475 | } |
| 476 | |
| 477 | req.UserLoginType = codersdk.LoginTypeNone |
| 478 | |
| 479 | // Service accounts are a Premium feature. |
| 480 | if !api.Entitlements.Enabled(codersdk.FeatureServiceAccounts) { |
| 481 | httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{ |
| 482 | Message: fmt.Sprintf("%s is a Premium feature. Contact sales!", codersdk.FeatureServiceAccounts.Humanize()), |
| 483 | }) |
| 484 | return |
| 485 | } |
| 486 | } else if req.UserLoginType == "" { |
| 487 | // Default to password auth |
| 488 | req.UserLoginType = codersdk.LoginTypePassword |
| 489 | } |
| 490 | |
| 491 | if req.UserLoginType != codersdk.LoginTypePassword && req.Password != "" { |
| 492 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 493 | Message: fmt.Sprintf("Password cannot be set for non-password (%q) authentication.", req.UserLoginType), |
nothing calls this directly
no test coverage detected