[NEW] create a method 'create token'

packages/rocketchat-api/server/v1/users.js

@@ -263,3 +263,14 @@ RocketChat.API.v1.addRoute('users.update', { authRequired: true }, {
 		return RocketChat.API.v1.success({ user: RocketChat.models.Users.findOneById(this.bodyParams.userId, { fields: RocketChat.API.v1.defaultFieldsToExclude }) });
 	}
 });
+
+RocketChat.API.v1.addRoute('users.createToken', { authRequired: true }, {
+	post() {
+		const user = this.getUserFromParams();
+		let data;
+		Meteor.runAsUser(this.userId, () => {
+			data = Meteor.call('createToken', {user});
+		});
+		return data ? RocketChat.API.v1.success({data}) : RocketChat.API.v1.unauthorized();
+	}
+});

packages/rocketchat-authorization/server/startup.js

@@ -46,6 +46,7 @@ Meteor.startup(function() {
 		{ _id: 'set-moderator',                 roles : ['admin', 'owner'] },
 		{ _id: 'set-owner',                     roles : ['admin', 'owner'] },
 		{ _id: 'unarchive-room',                roles : ['admin'] },
+		{ _id: 'user-generate-access-token',    roles : ['admin'] },
 		{ _id: 'view-c-room',                   roles : ['admin', 'user', 'bot'] },
 		{ _id: 'view-d-room',                   roles : ['admin', 'user', 'bot'] },
 		{ _id: 'view-full-other-user-info',     roles : ['admin'] },

packages/rocketchat-lib/package.js

@@ -134,6 +134,7 @@ Package.onUse(function(api) {
 	api.addFiles('server/methods/checkRegistrationSecretURL.js', 'server');
 	api.addFiles('server/methods/cleanChannelHistory.js', 'server');
 	api.addFiles('server/methods/createChannel.js', 'server');
+	api.addFiles('server/methods/createToken.js', 'server');
 	api.addFiles('server/methods/createPrivateGroup.js', 'server');
 	api.addFiles('server/methods/deleteMessage.js', 'server');
 	api.addFiles('server/methods/deleteUserOwnAccount.js', 'server');

packages/rocketchat-lib/server/methods/createToken.js

@@ -0,0 +1,13 @@
+Meteor.methods({
+	createToken({user}) {
+		if (Meteor.userId() !== user._id && !RocketChat.authz.hasPermission(Meteor.userId(), 'user-generate-access-token')) {
+			throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'createToken' });
+		}
+		const token = Accounts._generateStampedLoginToken();
+		Accounts._insertLoginToken(user._id, token);
+		return {
+			userId: user._id,
+			authToken: token.token
+		};
+	}
+});

tests/end-to-end/api/01-users.js

@@ -5,7 +5,6 @@
 import {getCredentials, api, login, request, credentials, apiEmail, apiUsername, targetUser, log} from '../../data/api-data.js';
 import {adminEmail, password} from '../../data/user.js';
 import {imgURL} from '../../data/interactions.js';
-import supertest from 'supertest';
 
 describe('Users', function() {
 	this.retries(0);
@@ -143,4 +142,110 @@ describe('Users', function() {
 			})
 			.end(done);
 	});
+
+	describe('/users.createToken', () => {
+		let user;
+		beforeEach((done) => {
+			const username = `user.test.${ Date.now() }`;
+			const email = `${ username }@rocket.chat`;
+			request.post(api('users.create'))
+				.set(credentials)
+				.send({ email, name: username, username, password })
+				.end((err, res) => {
+					user = res.body.user;
+					done();
+				});
+		});
+
+		let userCredentials;
+		beforeEach((done) => {
+			request.post(api('login'))
+				.send({
+					user: user.username,
+					password
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					userCredentials = {};
+					userCredentials['X-Auth-Token'] = res.body.data.authToken;
+					userCredentials['X-User-Id'] = res.body.data.userId;
+				})
+				.end(done);
+		});
+		afterEach(done => {
+			request.post(api('users.delete')).set(credentials).send({
+				userId: user._id
+			}).end(done);
+			user = undefined;
+		});
+
+		describe('logged as admin', () => {
+			it('should return the user id and a new token', (done) => {
+				request.post(api('users.createToken'))
+				.set(credentials)
+				.send({
+					username: user.username
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+					expect(res.body).to.have.deep.property('data.userId', user._id);
+					expect(res.body).to.have.deep.property('data.authToken');
+				})
+				.end(done);
+			});
+		});
+
+		describe('logged as itself', () => {
+			it('should return the user id and a new token', (done) => {
+				request.post(api('users.createToken'))
+				.set(userCredentials)
+				.send({
+					username: user.username
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+					expect(res.body).to.have.deep.property('data.userId', user._id);
+					expect(res.body).to.have.deep.property('data.authToken');
+				})
+				.end(done);
+			});
+		});
+
+		describe('As an user not allowed', () => {
+			it('should return 401 unauthorized', (done) => {
+				request.post(api('users.createToken'))
+				.set(userCredentials)
+				.send({
+					username: 'rocket.cat'
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(400)
+				.expect((res) => {
+					expect(res.body).to.have.property('errorType');
+					expect(res.body).to.have.property('error');
+				})
+				.end(done);
+			});
+		});
+
+		describe('Not logged in', () => {
+			it('should return 401 unauthorized', (done) => {
+				request.post(api('users.createToken'))
+				.send({
+					username: user.username
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(401)
+				.expect((res) => {
+					expect(res.body).to.have.property('message');
+				})
+				.end(done);
+			});
+		});
+	});
 });