Super user invites (#483)

This PR brings user invites logic to the Management service via HTTP API. The POST /users/ API endpoint creates a new user in the Idp and then in the local storage. Once the invited user signs ups, the account invitation is redeemed. There are a few limitations. This works only with an enabled IdP manager. Users that already have a registered account can't be invited.
2026-04-18 08:16:39 +00:00 · 2022-10-13 18:26:31 +02:00
parent abd1230a69
commit 06055af361
25 changed files with 783 additions and 182 deletions
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -35,6 +35,10 @@ components:
        role:
          description: User's NetBird account role
          type: string
+        status:
+          description: User's status
+          type: string
+          enum: [ "active","invited","disabled" ]
        auto_groups:
          description: Groups to auto-assign to peers registered by this user
          type: array
@@ -46,6 +50,7 @@ components:
      - name
      - role
      - auto_groups
+      - status
    UserRequest:
      type: object
      properties:
@@ -60,6 +65,27 @@ components:
      required:
        - role
        - auto_groups
+    UserCreateRequest:
+      type: object
+      properties:
+        role:
+          description: User's NetBird account role
+          type: string
+        email:
+          description: User's Email to send invite to
+          type: string
+        name:
+          description: User's full name
+          type: string
+        auto_groups:
+          description: Groups to auto-assign to peers registered by this user
+          type: array
+          items:
+            type: string
+      required:
+        - role
+        - auto_groups
+        - email
    PeerMinimum:
      type: object
      properties:
@@ -499,6 +525,33 @@ paths:
          "$ref": "#/components/responses/forbidden"
        '500':
          "$ref": "#/components/responses/internal_error"
+  /api/users/:
+    post:
+      summary: Create a User (invite)
+      tags: [ Users]
+      security:
+        - BearerAuth: [ ]
+      requestBody:
+        description: User invite information
+        content:
+          'application/json':
+            schema:
+              $ref: '#/components/schemas/UserCreateRequest'
+      responses:
+        '200':
+          description: A User object
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '400':
+          "$ref": "#/components/responses/bad_request"
+        '401':
+          "$ref": "#/components/responses/requires_authentication"
+        '403':
+          "$ref": "#/components/responses/forbidden"
+        '500':
+          "$ref": "#/components/responses/internal_error"
  /api/users/{id}:
    put:
      summary: Update information about a User